Can I Create Restrictions (Type, Size, Etc) For The Files Uploaded?


Yes, the default File Firewall app allows you to create file upload rules that restrict files by the following parameters:

  • Regular Expression
  • File mimetype
  • File size
  • IP Range
  • Subnet
  • Request Type
  • Request URL
  • Request Time
  • User Agent
  • User Device
  • User Group

You can set these options in Admin:

Figure 1 - Admin menu

Scroll to the File Firewall section:

Figure 2 - File Firewall UI

For more information about File Firewall, see the ownCloud video File Firewall.

Available Conditions

User Group
The user (is|is not) a member of the selected group.
User Agent
The User-Agent of the request (matches|does not match) the given string.
User Device
A shortcut for matching all known (android | ios | desktop) sync clients by their User Agent string.
Request Time
The time of the request (has to|must not) be in a single range from beginning time to end time.
Request URL
The full page URL (has to|must not) (match|contain|begin with|end) with a given string.
Request Type
The request (is|is not) a (WebDAV|public share link|other) request.
Request IP Range (IPv4) and IP Range (IPv6)
The request’s REMOTE_ADDR header (is|is not) matching the given IP range.
Subnet (IPv4) and Subnet (IPv6)
The request’s SERVER_ADDR header (is|is not) matching the given IP range.
File Size Upload
When a file is uploaded the size has to be (less|less or equal|greater|greater or equal) to the given size.
File Mimetype Upload
When a file is uploaded the mimetype (is|is not|begins with|does not begin with|ends with|does not end with) the given string.
System File Tag
One of the parent folders or the file itself (is|is not) tagged with a System tag.
Regular Expression
The File Firewall supports regular expressions, allowing you to create custom rules using the following conditions:
  • IP Range (IPv4)
  • IP Range (IPv6)
  • Subnet (IPv4)
  • Subnet (IPv6)
  • User agent
  • User group
  • Request URL

You can combine multiple rules into one rule. E.g., if a rule applies to both the support and the qa-team you could write your rule like this:

Regular Expression > ^(support|qa-team)$ > is > User group


Figure 3 shows two rules. The first rule, No Support outside office hours, prevents members of the support group from logging into the ownCloud Web interface from 5pm-9am, and also blocks client syncing.

The second rule prevents members of the qa-team group from accessing the Web UI from IP addresses that are outside of the local network.

Figure 3 - Firewall examples

Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Want to talk about it? Have a feature request?

Head on over to our Community Forum or get live help.

For more Business Management resources, see the Datto RMM Online Help and the Autotask PSA Online Help .

Datto Homepage