Can I Create Restrictions (Type, Size, Etc) For The Files Uploaded?

Follow

Yes, the default File Firewall app allows you to create file upload rules that restrict files by the following parameters:

  • Regular Expression
  • File mimetype
  • File size
  • IP Range
  • Subnet
  • Request Type
  • Request URL
  • Request Time
  • User Agent
  • User Device
  • User Group

You can set these options in Admin:


Figure 1 - Admin menu

Scroll to the File Firewall section:


Figure 2 - File Firewall UI

For more information about File Firewall, see the ownCloud video File Firewall.

Available Conditions

User Group
The user (is|is not) a member of the selected group.
User Agent
The User-Agent of the request (matches|does not match) the given string.
User Device
A shortcut for matching all known (android | ios | desktop) sync clients by their User Agent string.
Request Time
The time of the request (has to|must not) be in a single range from beginning time to end time.
Request URL
The full page URL (has to|must not) (match|contain|begin with|end) with a given string.
Request Type
The request (is|is not) a (WebDAV|public share link|other) request.
Request IP Range (IPv4) and IP Range (IPv6)
The request’s REMOTE_ADDR header (is|is not) matching the given IP range.
Subnet (IPv4) and Subnet (IPv6)
The request’s SERVER_ADDR header (is|is not) matching the given IP range.
File Size Upload
When a file is uploaded the size has to be (less|less or equal|greater|greater or equal) to the given size.
File Mimetype Upload
When a file is uploaded the mimetype (is|is not|begins with|does not begin with|ends with|does not end with) the given string.
System File Tag
One of the parent folders or the file itself (is|is not) tagged with a System tag.
Regular Expression
The File Firewall supports regular expressions, allowing you to create custom rules using the following conditions:
  • IP Range (IPv4)
  • IP Range (IPv6)
  • Subnet (IPv4)
  • Subnet (IPv6)
  • User agent
  • User group
  • Request URL

You can combine multiple rules into one rule. E.g., if a rule applies to both the support and the qa-team you could write your rule like this:

Regular Expression > ^(support|qa-team)$ > is > User group

Examples

Figure 3 shows two rules. The first rule, No Support outside office hours, prevents members of the support group from logging into the ownCloud Web interface from 5pm-9am, and also blocks client syncing.

The second rule prevents members of the qa-team group from accessing the Web UI from IP addresses that are outside of the local network.


Figure 3 - Firewall examples


Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Calling all Partners! We want to hear your feedback! Please participate in this quick survey and help us build a better, more-relevant Knowledge Base!

Want to talk about it? Head on over to our Community Forum!