How to Upload Restricted File Types in DotNetNuke
Feb
13
Written by:
2/13/2009
DotNetNuke comes with quite a few security features right out of the box. One of those security features is not allowing the uploading of uncommon or harmful file types. Why would this be a security feature? Simple. There are several file types that could be uploaded to your website that would be able to execute code directly against the web server and/or the database server. As you might imagine, that is not a good thing.
Before We Change the Setting
It is actually quite easy to upload restricted file types in DotNetNuke. But before we do, we probably need to consider a couple of questions:
- Is the file absolutely necessary?
- Are the contents of the file trusted?
- Will we need to upload this same file type again in the future?
These questions are very important and should be considered before continuing. First of all, you probably already have #1 answered if you're reading this. Let's move on.
Learing if the contents of the file are safe in many ways is an acquired skill. If you are unsure if the file and it's contents can be trusted, you may need to consult with your favorite techie friend. For the most part, common files that you work with on a daily basis are probably safe.
Finally, if we only need to upload this file once or every once in a while, I would suggest going to your favorite FTP program and uploading the file that way. Doing so would lessen your security risk. When you change the setting for yourself, you change it for everyone that has persmission to upload to one or more folders.
If you are going to need to upload the new file type regularly, and the file type is not a security risk, then we can move on to changing the setting to allow for this file type to be uploaded.
Unrestricting a Restricted File Type
As I stated earlier, allowing a restricted file type is quite easy. First, login to the website using a "Host" account. If you are not the host, or are not sure what I mean by that, you will need to talk to the person who set up your DotNetNuke website.
Once you are logged in as a host, go the Host Menu, and then select the Host Settings.
In the Host Settings, you will need to scroll down to the bottom of the page and expand the "Other Settings" section that is found in the "Advanced Settings" section.
In the "Other Settings" section you will notice a field titled "Allowable File Extensions" with a multi-line textbox next to it. This is the field that we are interested in.
You will notice that there is already a list of file types that are allowed. In DotNetNuke 5, they are as follows:
swf,jpg,jpeg,jpe,gif,bmp,png,doc,xls,ppt,pdf,txt,xml,xsl,css,zip
Adding your file type is quite simple. Let's assume that you want to upload a video file type, such as AVI. If you want to always allow this file to be uploaded, simply add ",avi" to the end of the existing list of file types. That would make the text in the textbox look like this:
swf,jpg,jpeg,jpe,gif,bmp,png,doc,xls,ppt,pdf,txt,xml,xsl,css,zip,avi
Now, just click the Update link at the bottom of the page to save this setting. Once you do, you will be able to upload any AVI files throughout the website.
Technorati Tags: DNN, DotNetNuke, DNN Blog , How To, Administration, 5.00.00
Copyright ©2009 Will Strohl
19 comment(s) so far...
Re: How to Upload Restricted File Types in DotNetNuke
This review of file extensions (i.e., forced MIME Types) was an excellent demonstration.
Thanks, you have solved my questions today on how to resolve the following error:
The File C:\DNN\Portals\0\HOLD\200904news.docx Is A Restricted File Type. Valid File Types Include ( *. swf, *.jpg, *.jpeg, *.jpe, *.gif, *.bmp, *.png, *.doc, *.xls, *.ppt, *.pdf, *.txt, *.xml, *.xsl, *.css, *.zip, *.template ). Please Contact Your Hosting Provider If You Need To Upload A File Type Which Is Not Supported.
By Swettenham on
3/6/2009
|
Re: How to Upload Restricted File Types in DotNetNuke
It was my pleasure. I am happy that I was able to help you.
By Will on
3/6/2009
|
Re: How to Upload Restricted File Types in DotNetNuke
Hello,
How to integrate the swf file in dotnukenet .It should cover the whole page in that whole there should be only swf files onces it click on that swf it should goes on to static page that is home page
By deepthi on
4/27/2009
|
Re: How to Upload Restricted File Types in DotNetNuke
I think someone was lost in translation, as I am not understanding what your point is. Are you talking about a splash page?
By Will on
4/27/2009
|
Re: How to Upload Restricted File Types in DotNetNuke
Hello,
I am desperate to get help for this so I thought I would try this:
I am using Dotnetnuke 4.9.0 as my CMS to build my website.
I am using a flash video player called Ultra Flash Player 6.4. I was able to upload my mp4 video to my ftp server but now I am having problems playing it.
I am using GoDaddy to host my website on an IIS 7 Server. When you click on the video, you see the correct time displayed of 5:02 and the video starts playing but you can only hear the sound and not see the video!
I called GoDaddy and they said the the mime mp4 extension is allowed on that server and that they can't support me any further because they don't support DNN.
I really need to get this up and going so any help would be appreciated.
Thanks.
By Amer Ghafari on
8/20/2009
|
Re: How to Upload Restricted File Types in DotNetNuke
@Amer Without seeing your project, I am not sure where to point you to. Especially since I have not used Ultra Flash Player. Sorry, but there are many unknown variables that surround the question you're asking. That being said, I will would point you to re-verify your media file, then check the markup.
By Will on
8/20/2009
|
Re: How to Upload Restricted File Types in DotNetNuke
Hello Mighty,
This is Amrita.I have some quick questions related digFlash module implementation in dotnetnuke 5.x.The steps which I followed are following ..
1. I just installed digFlash module into dotnetnuke 5.x and add this module on my potal.
2. Then did the settings digFlash admin settings and upload my SWF file but this file having some dependencies on resources file which is having some images.This SWF file uploaded very well in my digFlash module but its not showing flash file contents which are dependent on my resource file so please help me out that how i can attach this resource folde or some other dependent folder for proper mapping means from where my swf file can pick the resources for showing properly.
3.According to yours guidance on dotnetnuke forum i pasted my all
resource files over their location where my flash module is requesting( C:\Inetpub\wwwroot\DotNetNukeLocal\Portals\0)but
still dnn url is not able to pick my resources file.Please help me out of
this situation.
Thanks and Regards
Amrita Vishnoi
By Amrita Vishnoi on
2/18/2010
|
Re: How to Upload Restricted File Types in DotNetNuke
Unless I am misunderstanding, this is a question better posed to the digFlash module vendor for support. I've never used that module myself.
By Will on
2/18/2010
|
Re: How to Upload Restricted File Types in DotNetNuke
it was very usefull.thank you so much.
By shabnam on
5/23/2010
|
Re: How to Upload Restricted File Types in DotNetNuke
Thanks for this article Will! Solved my problem!
By Fahad Nadeem on
6/28/2010
|
Re: How to Upload Restricted File Types in DotNetNuke
Hi,
What about self extracting files which are exe files. What do you recomend? Will it be safe if we add them to the list?
By Habib on
9/6/2010
|
Re: How to Upload Restricted File Types in DotNetNuke
@Habib: EXE files are never safe files to include. I recommend giving each and every executable file that you add to your website a security review. The standards by which you review for security issues will be determined by you and/or your web host or systems administrator.
By Will on
9/6/2010
|
Re: How to Upload Restricted File Types in DotNetNuke
Thanks for giving us instruction
Its working.
By kalpesh on
1/24/2011
|
Re: How to Upload Restricted File Types in DotNetNuke
Anyone know of a recommended or best practices list (reference) for allowable extensions beyond what DNN defaults? Would be useful to me to see a list of additional useful ones that everyone agrees are safe - or even a short list of ones that would be unsafe, and should be avoided. Which ones you pick depends on site usage (e.g. a band website might allow MP3 and some movie formats). I also prefer to allow RAR files. Thanks - Jeremy
www.accuraty.com/
By Jeremy Farrance on
4/13/2011
|
Re: How to Upload Restricted File Types in DotNetNuke
@Jeremy: As DNN grows, in various releases, you do see the "best practice" list grow with it. For example, a few years ago, there were only a couple of allowed files in a default installation. Now, there's more like 15 or 20. It's hard to say that anything else outside of that is "best practice." For example, MP3 files are fairly harmless and could be on such a list, but they are large and can wreak havoc on many sites that have hosting or resource limitations. "Best Practice" in your context would need to be more contextual towards the use case your website is trying to address.
By Will on
4/21/2011
|
Re: How to Upload Restricted File Types in DotNetNuke
Hi ,
I followed your suggestions. But still I am getting this error. "Error adding the document. Cause: current settings (module or host) do not allow this file extension". I checked the allowed file types and it has xls, xlsx, pdf in it. I even tried adding a txt document and I am getting the same error. What am I missing?
By kalp on
5/4/2011
|
Re: How to Upload Restricted File Types in DotNetNuke
@Kalp: Honestly, all you have to do is add the file extension, preceded by a comma. I'd check the spelling. This really is an error-free process that's been used and virtually unchanged for years now. That being said, some modules extend this functionality through their own file selection. If you are experiencing this with a 3rd party or custom module, look for its own settings to also have a restricted file extension setting that you need to tweak.
By Will on
5/23/2011
|
Re: How to Upload Restricted File Types in DotNetNuke
hi,
As u suggested i hv added the extentions i want like mp3,wmv seprated by commas n when i click update it is givving error as Email is invalid near Host Email,where there is a default email id is coming as "support@localhost"..Now what can i do ?what is Host email id?
By Snehal on
12/19/2011
|
Re: How to Upload Restricted File Types in DotNetNuke
@Snehal: On the same view, there's a support email address. Update that to be an actual email address and you will be fine.
By Will on
12/21/2011
|