Re: Restrict Mimi Types in uplaod application

Thread: Re: Restrict Mimi Types in uplaod application

Search this list only Search all lists
Re: Restrict Mimi Types in uplaod application
United States	2007-09-20 19:49:03

I would suggest an allow approach instead of a disallow approach. so if "image/gif", "image/pjpeg", "image/jpeg";, "image/png" allow otherwise disallow. You can also disallow by extension. ----- Original Message ----- From: mbelcher To: AspNetAnyQuestionIsOk%40yahoogroups.com">AspNetAnyQuestionIsOkyahoogroups.com Sent: Friday, September 21, 2007 2:33 AM Subject: [AspNetAnyQuestionIsOk] Restrict Mimi Types in uplaod application Okay, I have found all the mime types I can on the net and via IIS. I have this client who just wants the basic script and program types rejected. I cannot seem to find the correct mime for aspx, .pl , .vb etc . So far I have all these blocked and it works. I can still upload aspx pages etc. I read on one list that application/x-aspx is the mime to block but it is not blocking it. Anyone have a list on the scripting types? Thanks Dim FileType1 FileType1 = File1.PostedFile.ContentType.ToString() If Not (FileType1 = "text/html" Or _ FileType1 = "text/asp" Or _ FileType1 = "text/x-c" Or _ FileType1 = "application/java" Or _ FileType1 = "application/octet-stream" Or _ FileType1 = "application/x-csh" Or _ FileType1 = "text/x-script.csh" Or _ FileType1 = "video/dl" Or _ FileType1 = "text/x-script.elisp" Or _ FileType1 = "application/x-gsp" Or _ FileType1 = "application/x-gss" Or _ FileType1 = "application/x-javascript" Or _ FileType1 = "application/x-ksh" Or _ FileType1 = "text/x-script.ksh" Or _ FileType1 = "text/x-script.perl-module" Or _ FileType1 = "application/postscript" Or _ FileType1 = "application/x-sh" Or _ FileType1 = "text/x-script.sh" Or _ FileType1 = "text/x-server-parsed-html" Or _ FileType1 = "text/x-script.zsh" Or _ FileType1 = "application/internet-property-stream" Or _ FileType1 = "application/olescript" Or _ FileType1 = "application/x-bcpio" Or _ FileType1 = "application/vnd.ms-pki.seccat" Or _ FileType1 = "application/x-java-applet" Or _ FileType1 = "application/java-archive" Or _ FileType1 = "application/liquidmotion" Or _ FileType1 = "text/vbscript" Or _ FileType1 = "text/xml" Or _ FileType1 = "application/x-aspx" Or _ FileType1 = "application/x-httpd-php" Or _ FileType1 = "application/x-httpd-php5" Or _ FileType1 = "application/postscript") Then [Non-text portions of this message have been removed] __._,_.___ Messages in this topic (0) Reply (via web post) \| Start a new topic . __,_._,___
RE: Restrict Mimi Types in uplaod application
United States	2007-09-21 10:29:05

Yeah that is the problem. I asked him "What do you want to be able to upload", and his answer was all kinds of files; not sure. This is why I went and wanted to block scripts and executables. How does it look to bock via ext.? If Not (FileType1 = ".exe" Or _ FileType1 = ".aspx" Or _ Then .. That is probably not the right format. Is there an example? _____ From: AspNetAnyQuestionIsOk%40yahoogroups.com">AspNetAnyQuestionIsOkyahoogroups.com [mailto: AspNetAnyQuestionIsOk%40yahoogroups.com">AspNetAnyQuestionIsOkyahoogroups.com] On Behalf Of Mischa Kroon Sent: Thursday, September 20, 2007 8:49 PM To: AspNetAnyQuestionIsOk%40yahoogroups.com">AspNetAnyQuestionIsOkyahoogroups.com Subject: Re: [AspNetAnyQuestionIsOk] Restrict Mimi Types in uplaod application I would suggest an allow approach instead of a disallow approach. so if "image/gif", "image/pjpeg", "image/jpeg";, "image/png" allow otherwise disallow. You can also disallow by extension. ----- Original Message ----- From: mbelcher To: AspNetAnyQuestionIs <mailto:AspNetAnyQuestionIsOk%40yahoogroups.com> Ok%40yahoogroups.com">Okyahoogroups.com Sent: Friday, September 21, 2007 2:33 AM Subject: [AspNetAnyQuestionIsOk] Restrict Mimi Types in uplaod application Okay, I have found all the mime types I can on the net and via IIS. I have this client who just wants the basic script and program types rejected. I cannot seem to find the correct mime for aspx, .pl , .vb etc . So far I have all these blocked and it works. I can still upload aspx pages etc. I read on one list that application/x-aspx is the mime to block but it is not blocking it. Anyone have a list on the scripting types? Thanks Dim FileType1 FileType1 = File1.PostedFile.ContentType.ToString() If Not (FileType1 = "text/html" Or _ FileType1 = "text/asp" Or _ FileType1 = "text/x-c" Or _ FileType1 = "application/java" Or _ FileType1 = "application/octet-stream" Or _ FileType1 = "application/x-csh" Or _ FileType1 = "text/x-script.csh" Or _ FileType1 = "video/dl" Or _ FileType1 = "text/x-script.elisp" Or _ FileType1 = "application/x-gsp" Or _ FileType1 = "application/x-gss" Or _ FileType1 = "application/x-javascript" Or _ FileType1 = "application/x-ksh" Or _ FileType1 = "text/x-script.ksh" Or _ FileType1 = "text/x-script.perl-module" Or _ FileType1 = "application/postscript" Or _ FileType1 = "application/x-sh" Or _ FileType1 = "text/x-script.sh" Or _ FileType1 = "text/x-server-parsed-html" Or _ FileType1 = "text/x-script.zsh" Or _ FileType1 = "application/internet-property-stream" Or _ FileType1 = "application/olescript" Or _ FileType1 = "application/x-bcpio" Or _ FileType1 = "application/vnd.ms-pki.seccat" Or _ FileType1 = "application/x-java-applet" Or _ FileType1 = "application/java-archive" Or _ FileType1 = "application/liquidmotion" Or _ FileType1 = "text/vbscript" Or _ FileType1 = "text/xml" Or _ FileType1 = "application/x-aspx" Or _ FileType1 = "application/x-httpd-php" Or _ FileType1 = "application/x-httpd-php5" Or _ FileType1 = "application/postscript") Then [Non-text portions of this message have been removed] [Non-text portions of this message have been removed] __._,_.___ Messages in this topic (0) Reply (via web post) \| Start a new topic . __,_._,___

[1-2]

about | contact Other archives ( Real Estate discussion Medical topics )