Whitelisting file extensions

The file extension whitelist is an optional layer of security in AX Server that restricts the types of files that can be uploaded to the Related Files subfolder.

Note:

The file extension whitelist is enabled by default in new installations of AX Server version 5.3 and later. If you upgrade from a version earlier than 5.3, the whitelist is disabled by default.

How it works

The file extension whitelist specifies a comma-delimited list of file extensions that are permitted. If a user attempts to upload a file type not specified in the whitelist, the upload fails.

Caution

Only the file extension, not the file format, is checked when determining whether the file is included in the whitelist. A file with a whitelisted extension but different format can be uploaded. For example, if .xls is included in the whitelist and .exe is not included, an executable file called example.exe could be renamed example.xls and successfully uploaded.

There are a number of file extensions whitelisted by default, and some extensions that are permanently allowed regardless of whitelist settings:

For a list of the default whitelisted file extensions, see Default whitelisted file extensions
For a list of permanently allowed file extensions, see Permanently allowed file extensions

Example

Your file extension whitelist only contains .txt. Consequently, users can upload any file with a .txt extension, such as sample.txt. When users attempt to upload files with other extensions, such as .pdf, the upload fails.

Configure the file extension whitelist

Use the Server panel of the AX Server Configuration web application to configure the file extension whitelist:

To enable or disable the whitelist, in the Enable whitelist section, select one of the following:
- Yes
- No
Optional. To edit the whitelisted file extensions, in the File extension whitelist field, add or remove file extensions.
File extensions that include one or more of the following characters are invalid and cannot be added to the whitelist: \ / ? : * " > < |.
Note
The whitelist must be enabled to edit the list of file extensions and you must enter extensions in comma-delimited format.
Click Update Server Settings.

Default whitelisted file extensions

Note

Excel files (.xls, .xlsx) can always be uploaded using Add-In for Excel regardless of whether the extensions are included in the whitelist.

File name extension	File type
.accdb, .accde, .accdr, .accdt	Microsoft Access file
.aclscript	ACLScript file
.csv	Comma separated values file
.dap	ACCPAC file
.dat	Data file
.dbf	dBASE database file
.dbp	Database profile
.del	Delimited ASCII file
.dfe	ACCPAC file
.doc, .docb, .docm, .docx, .dot, .dotm, .dotx	Microsoft Word file
.dsn	Database source name file
.eap	ACCPAC file
.inx	ACL index file
.json	JSON (JavaScript Object Notation) file
.mdb	Microsoft Access
.pdf	PDF (portable document format) file
.pot, .potm, .potx, .ppam, pps, .ppsx, .ppt, .pptm, .pptx	Microsoft PowerPoint file
.prf	Microsoft Outlook file
.ps1	PowerShell script file
.rec
.rpt	Crystal Reports report or output file
.sldm, .sldx	Microsoft PowerPoint file
.txt	Plain text file
.vbs	VBScript file
.xbrl
.xla, .xlam, .xll, .xlm, .xls,.xlsb, .xslm, .xlsx, xlt, .xltm, .xltx, xlw	Microsoft Excel file
.xml	XML (extensible markup language) file
.zip	Compressed file

Permanently allowed file extensions

The file types listed in the following table can be uploaded or imported by users with “Full permissions” on a collection or folder regardless of whether they are included in the whitelist. These file types are required to ensure functionality in various AX Server and ACL Analytics features.

File name extension	File type
.acl	ACL project file
.aclapp	Packaged analysis app file
.aclx	Analysis app file
.fmt	Default table layout file in ACL Analytics prior to version 11
.layout	Table layout file in ACL Analytics version 11 and later
.wsp	ACL workspace file

[ Back to top ]