As you might know, the WEBGUI File Browser is replacing the Java Applet to perform download/upload operations via WEBGUI.

You can use the WEBGUI File Browser in all web browsers supported by PAM: check my previous blog about it.

Today I want to present a new feature: white list and black list of the content that can be displayed via WEBGUI file browser.

MP4: No, no, no!

For testing purposes, I uploaded a MP4 video file to a purchase order in my test system.

Here you can see the attachment list:

When I select the Video row and click on the display button, the following popup appears:

So, before I can view a file, the same should be available via virtual file system.

When I confirm this popup, I receive the information that "mp4" files cannot be opened:

And, confirming this popup brings another popup:

What happens via WEBGUI File Browser?

Now I have the file stored in the virtual file system:

When I access the WEBGUI File Browser and try to see the file, I receive more information:

So, the only way to visualize the content of the MP4 file is: export the file to the local file system first, then the file can be opened.

White List, Black List

There is a list of allowed file types and mp4 is not included there.

A new parameter is available:

~webgui_updown_extension_allowed

One example of use:

~webgui_updown_extension_allowed=wav|audio/x-wav;dvi|application/x-dvi

So, if I want to allow the MP4 file type:

~webgui_updown_extension_allowed=mp4|video/mp4

If I would like to block access to HTML files, then another parameter needs to be used:

~webgui_updown_extension_denied

My setting is:

~webgui_updown_extension_denied=html|text/html;htm|text/html

The GUI Configuration of my test system (WEBGUI service):

Now, if I try to visualize the video, the player is called and the video displayed.

If you want to use this new feature, then please read SAP note 2305615: a kernel upgrade is required.

The list of allowed extensions is also available in the note.