Enforcement based on file extension

When a user requests a URL in a permitted category for which file type blocking is enabled, Filtering Service checks the files associated with the URL to see if any of them has a file extension that is assigned to a blocked file type. If so, the request is blocked, and the user receives a block page that indicates that the request was blocked by file type.

If the file extension is not associated with a blocked file type, what happens next depends on your product:

  • Forcepoint Web Security: The file is analyzed to determine its true file type, and permitted or blocked based on that analysis (see Enforcement based on file analysis).

    If you have the Hybrid Module, the file is analyzed either by Content Gateway or the hybrid service, depending on which proxy handles the user’s request.

  • Forcepoint™ URL Filtering: The file is permitted.

Several predefined file types (groups of file extensions) are included with the product. These file type definitions are maintained in the Forcepoint URL Database, and may be changed as part of the Forcepoint URL Database update process.

You can use the predefined file types, modify the existing file type definitions, or create new file types. You cannot, however, delete pre-defined file types, or delete the file extensions associated with them.

Any of the file extensions associated with a pre-defined file type can be added to a custom file type. The file extension is then filtered and logged according to the settings associated with the custom file type.

File type definitions may contain as many or as few file extensions as are useful for enforcement purposes. Pre-defined file types, for example, include the following file extensions:

File Type Associated Extensions
Compressed files

.ace, .arc, .arj, .b64, .bhx, .cab, .gz, .gzip, .hqx, .iso, .jar, .lzh, .mim, .rar, tar, taz, .tgz, .tz, .uu, .uue, .xxe, .z, .zip


.ade, .adp, .asd, .cwk, .doc, .docx, .dot, .dotm, .dotx,

.grv, .iaf, .lit, .lwp, .maf, .mam, .maq, .mar, .mat,

.mda, .mdb, .mde, .mdt, .mdw, .mpd, .mpp, .mpt, .msg,

.oab, .obi, .oft, .olm, .one, .ops, .ost, .pa, .pdf,

.pip, .pot, .potm, .potx, .ppa, .ppam, .pps, .ppsm, .ppsx,

.ppt, .pptm, .pptx, .prf, .pst, .pub, .puz, .sldm, .sldx,

.snp, .svd, .thmx, .vdx, .vsd, .vss, .vst, .vsx, .vtx,

.wbk, .wks, .wll, .wri, .xar, .xl, .xla, .xlb, .xlc,

.xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx,

.xlw, .xsf, .xsn


.bat, .exe


.bmp, .cmu, .djvu, .emf, .fbm, .fits, .gif, .icb, .ico, .jpeg,

.jpg, .mgr, .miff, .pbf, .pbm, .pcx, .pdd, .pds, .pix, .png, .psb, .psd, .psp,

.rle, .sgi, .sir, .targa, .tga, .tif, .tiff, .tpic, .vda, .vst, .zif


.aif, .aifc, .aiff, .asf, .asx, .avi, .ivf, .m1v, .m3u, .mid,

.midi, .mov, .mp2, .mp2v, .mp3, .mpa, .mpe, .mpg, .mpv2, .ogg,

.qt, .ra, .ram, .rmi, .snd, .wav, .wax, .wm, .wma, .wmp, .wmv, .wmx, .wxv

Rich Internet Applications



.htm, .html, .txt, .xht, .xhtml, .xml


.vbs, .wmf

When a user requests a site, web protection software:

  1. Determines the URL category.
  2. Checks the file extension.
  3. (Forcepoint Web Security) If not blocked by extension, the file is analyzed to find its true file type.
    Note: When multiple group policies could apply to a user request, file type blocking is not performed.

When a user tries to access a blocked file type, the Reason field on the block page indicates that the file type was blocked (see Block Page Management).

The standard block page is not displayed if a blocked image comprises just a portion of a permitted page. Instead, the image region appears blank. This avoids the possibility of displaying a small portion of a block page in multiple locations on an otherwise permitted page.

To view existing file type definitions, edit file types, or create custom file types for enforcement by extension, go to Policy Management > Filter Components, and then click File Types. See Working with file type definitions for more information.

To enable file type blocking, see Enabling file type blocking in a category filter.