Web parameter: allowed

Web parameters change the behavior of the web clients that connect to the web tier. For more information, see Web tier parameters.

Parameter

allowed

Description

During attachment file processing on the Service Manager Web tier client, it is possible to configure a white list (allowed list) of file extensions that may be uploaded by users. This is an additional layer of filtering and protection that will occur at the Web tier before the file ever reaches the Service Manager server (RTE) for additional processing. This parameter specifies the allowed list of file extensions that may be attached to a Service Manager record, for example, an Incident record.

Note The allowed list in this parameter is valid only when configured on a Service Manager applications whose version is earlier than 9.50.

This parameter exists in the following servlets in the web tier configuration file (web.xml) file:

  • File Upload
  • Image Upload Servlet
  • Attachment upload servlet
  • Attachment upload servlet for AJAX request
  • Unique attachment upload servlet

Caution If you remove the servlets, all files extensions are allowed.

Note It is a recommended best practice to enable this setting. Be sure to give thoughtful consideration to the list of files as the default list may be too restrictive.

Valid if set from

Web tier configuration file (web.xml and webtier.properties)

Requires restart of the web applications server?

Yes

Default value

bmp,jpg,jpeg,png,gif,txt,log,unl,csv

Note The default value of the Image Upload Servlet is a subset of this list.

Possible values

A list of comma-separated file extensions

Example usage

The following example allows only the listed file types. As a result, other file types (for example, JSP files) are disallowed.

   <init-param>
    <param-name>allowed</param-name>
    <param-value>bmp,jpg,jpeg,png,gif,doc,xls,rtf,txt,docx,xlsx,ppt,pptx,pdf,msg,zip,tar,gz,tgz</param-value>
</init-param>