Click to watch a video about File Type Control, including how to configure the File Type Control policy.
To configure a rule to restrict the upload and download of various types of files, see the instructions below. See also the recommended File Type Control policy.
- Go to Policy > Access Control > File Type Control.
- Click Add File Type Control Rule, and complete the following:
- Rule Order: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule’s place in the order. You can change the value, but if you’ve enabled Admin Rank, your assigned admin rank determines the Rule Order values you can select.
- Admin Rank: This option appears if you enabled the Admin Ranking feature in the Advanced Settings page.
Enter a value from 1-7 (1 is the highest rank). Your assigned admin rank determines the values you can select. You cannot select a rank that is higher than your own. The rule’s Admin Rank determines the value you can select in Rule Order, so that a rule with a higher Admin Rank always precedes a rule with a lower Admin Rank.
- Rule Name: Enter a unique name for the File Type Control rule, or use the default name.
- Rule Status: Choose to Enable or Disable the rule. An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
- File Types: Select file types to which you want to apply the rule. You can also select Undetectable File under Other to apply the rule to unknown file types. For unknown types, the service checks for file type in the file header using true file type detection. If the file is still unknown, the service performs MIME type checks and tags as an unknown file type any that fall outside of well-defined MIME types for common apps. You can select any number of file types and also search for file types.
- URL Categories: Select URL categories to which you want to apply the rule. The service applies the rule when users upload to and/or download files from sites in the selected categories. Select Any to apply the rule to all categories, or select any number of categories. You can also search for URL categories, or add a custom category by clicking the Add icon.
- Users: Select Any to apply the rule to all users, or select up to 4 users under General Users. If you've enabled the unauthenticated users policy, you can select Special Users to apply this rule to all unauthenticated users, or select specific types of unauthenticated users. You can search for users or click the Add icon to add a new user.
- Groups: Select Any to apply the rule to all groups, or select up to 8 groups. You can search for groups or click the Add icon to add a new group.
- Departments: Select Any to apply the rule to all departments, or select any number of departments. If you've enabled the unauthenticated users policy, you can select Special Departments to apply this rule to all unauthenticated transactions. You can search for departments or click the Add icon to add a new department.
- Locations: Select Any to apply the rule to all locations, or select up to 8 locations. You can also search for a location or click the Add icon to add a new location. To apply this rule to unauthenticated traffic, the rule must apply to all locations.
- Time: Select Always to apply this rule to all time intervals, or select up to two time intervals. You can also search for a time interval or click the Add icon to add a new time interval.
- Action: Choose to Allow, Block, or Caution users from uploading or downloading files.
- Upload/Download: Choose whether the specified action applies to uploading files, downloading files, or both.
- Description: Optionally, enter additional notes or information. The description cannot exceed 10,240 characters.
- Click Save and activate the change.