"><img src=x onerror=alert('0')>

Hi, I'm having an issue loading a page to do further edits.

What I've created has many links and anchors.  So perhaps there's an issue in the code somewhere. 

Hi Vivek,

Not sure if this is helpful for your use case.

Attachment Checker for Confluence allows different upload limits for different user groups for different file types.

i.e. You can set allow Confluence admins to upload videos up to 10MB but normal users can only upload videos up to 2MB.

For Data Center deployments, there are use cases where customers being to use Confluence as a media server such as one or more streaming recordings from a single page. 

This brings down the entire cluster.

So, please do provide a way to restrict file types that can be uploaded Confluence.

Most enterprises do have cloud storage on sharepoint or one drive or google drive, customers should be pasting the link on the page and not upload the media file .

please look into this as Confluence does not provide any safety mechanism to prevent cluster outage due to multiple streaming calls.

Reopened due to customer interest in this suggestion. 

Thanks

Makisa | Senior Product Manager, Confluence Server and Data Center

Hi m.goodarzian96, this request is for Confluence. The suggestion you are looking for is JSWSERVER-15829: As an administrator I want to restrict file types for issue attachments in JIRA.
You may also like to ask in the Jira - Atlassian Community

Hi
I want restrict attachment type in creating issue(when creating issue must be attach ONLY excel File in "creat issue screen").I
How can I fix the problem?
and @Michelle Vincent
For restrict the size of file, use this plugin:
https://marketplace.atlassian.com/plugins/com.infosysta.jira.JAM/server/overview
thanks

Thank you, I don't need to restrict upload of certain file types, I need to restrict the size of certain file types. Does your tool do that? I don't see it in the overview.

Hi Michelle,

Will you be interested if we add the feature into Attachment Checker for Confluence?

You can reach us at our servicedesk

Our Attachment Checker for JIRA can detect the correct file type even if the extension has been modified.

We have built a version for Confluence too.

It can be found in Atlassian Marketplace as Attachment Checker for Confluence.

you can use this add-on to restrict attachments based on file type https://marketplace.atlassian.com/plugins/com.elitesoftsp.confluence.attachment.tool.plugins/server/overview

just when the hope has been awakened - it is back to 'won't fix'.
sad

Participants,
We are asking Atlassian to fix this but the votes tell different story all together. We know Atlassian is serious about implementing an issue based on votes so please vote for it and ask others to vote too. I feel this is a serious issue and needs attention from Atlassian.

@matt@atlassian.com, This should be fixed, any reasons why you guys are not paying heed to it??

Also, the reason this feature becomes absolutely imperative is that it questions the existence of Confluence. If we allow big sized word/excel files, people would upload the files rather than creating content in Confluence. If this continues, no organization can stop Confluence from becoming a dumping ground of files.

Moreover many organizations restrict sharing of binary files (Executable) over mails and files above certain size. Due to unavailability of this feature, i have seen teams using File Lists to share binary files and EXE's with each other which they are not allowed to do over mails.

This should be fixed by Atlassian as this has been identifying as major security risk in my organization too. This is delaying the deployment of the tool.

Additionally this is an security risk and it's the vendor's responsibility to take care about the product. Since users are able to upload *.svg files or any other file type that is easy to infiltrate, those files could contain malware. No need to explain the consequences...!

My key customer also think that this functionality should be implemented by Confluence Teams. they thought this is very basic functionality, so it should be supported by Atlassian.
Hence, this issue should be reopened and handled by Confluence Team.

Please, reopen that. This secure funcionality should be default for Confluence, not via payed plugin in my opinion.

JIRA team did not close a similar request yet... https://jira.atlassian.com/browse/JRA-13684
the complaints are similar = some (insert a polite word for stupid) users attach .BMP files 2MB each - and blocking/filtering these is really a useful admin feature

This is a functionality that we have been waiting to get implemented since we started using Confluence v 3.0. We have migrated from 3.5 to 4.2. We have also experienced users uploading zip, exe, scripts and other compiled installers via Confluence, which is hard to manage when you have a large active editor userbase. Developing a plugin will contain the issue and to yet date, no one has commissioned or even tried to offer a plugin for this issue. I think Atlassian should help in directing a more sustainable solution to this missing functionality.

Unfortunately, we are focused on other things right now and don't have any plans to implement this feature.

Our recommendation is still to implement this as a plugin, or get an Atlassian Expert to build it for you if you don't have the skills, if this is a feature you need in Confluence.

Well, that is completely unfortunate that this will not be a standard or supported feature. Like many, we are looking to avoid users attaching zip files and more to our instance as it is not a document repository. It is also unfortunate that the plugin that is linked to doesn't even support more recent versions of confluence nor can it be found. The link redirects me to search for plugins elsewhere in which I cannot find it. Let alone, I wouldn't want to depend on something that isn't supported and could bring my instance down as others have reported.

Disabling attachment indexing also does not stop users from using the wiki as a file repository. While it does decrease the index size, that is still usable space being used when it could and should be controlled via the admin panel with the other attachment configurations.

Thanks for the feedback and the votes. Unfortunately, this feature has been open for a very long time with a low level of interest and the Confluence development team has no plans to implement this feature in the foreseeable future.

This might be a good feature to provide in a plugin, if anyone wants to develop it or commission someone to develop it. One potentially implementation would be to write a filter plugin that intercepts multipart file upload requests and rejects them based on the name or contents of each file.

this would be a great enhancement for confluence. A lot of our users want to just upload xls and doc files, and this eats up our HDD space.

Although it's difficult to restrict attachment uploads by type, it might help to disable attachment indexing:
http://confluence.atlassian.com/display/DOC/How+do+I+disable+indexing+of+attachments

Jeremy

Reopened and updated. The work around listed above points at an unsupported, outdated plugin that doesn't play nicely with the newer versions of Confluence.

To restrict based on filetype, install the Attachment Filter available from http://confluence.atlassian.com/display/CONFEXT/Attachment+Filter and whitelist acceptable filetypes.
To further restrict the maximum size of any one attachment that a user can upload, follow http://confluence.atlassian.com/display/DOC/Configuring+Attachment+Size

Hi Andre, Pavlo,

As you may know, to reliably detect the valid file type can be quite an extensive process. It would require file type sniffing on the actual data. In explanation, if you just solely examine the file extension, it may not be the accurate way of determining the real value of that file.

Of course, pragmatically, one could modify the source code to specify a set of file extensions to be allowed for upload. However, as I've mentioned, this would not enforce the validity of the actual files uploaded.

Thanks,
Ivan

Good request. Some files can be just dangerous (exe, com, bat).

Also customers like upload 2-3 mb BMP images