When submitting service requests through iLab, it is essential to ensure that attachments comply with security protocols. To maintain the integrity and security of the system, certain file types are prohibited from being uploaded as attachments to Service Items, and any attempt to upload such files will result in an error message.
These restrictions are in place to prevent the upload and potential execution of files that could carry out harmful actions within the system.
Files capable of remote code execution pose a significant security risk by potentially allowing unauthorized access to the system or executing malicious code. Similarly, files associated with cross-site scripting (XSS) could be used to execute scripts in the Web browsers of unsuspecting users, compromising the security of their data.
All users must adhere to these guidelines to help maintain the security and integrity of the iLab platform. Please contact your iLab Administrator if you have any questions about these restrictions or need further assistance.
Restricted File Extensions:
The following file types are not allowed as attachments:
- ASP Applications: Potential remote code execution risk.
- .asa
- .asax
- .asp
- .aspx
- Java Applications: Potential remote code execution risk.
- .jsp
- .jspx
- Perl Applications: Potential remote code execution risk.
- .pl
- PHP Applications: Potential remote code execution risk.
- .php
- .php3
- .php4
- .php5
- .pht
- .phtml
- Python Applications: Potential remote code execution risk.
- .py
- Ruby Applications: Potential remote code execution risk.
- .rb
- Other Files:
- .bat - Potential system manipulation.
- .cgi - Potential server-side script execution.
- .exe - Executable files with the potential to contain harmful code.
- .htm, .html, .svg, .swf - Potential cross-site scripting (XSS) risk.
- .jar, .rar, .tar - Compressed files, which could contain harmful code.
- .zip, .gz, .7z - Notably, while most compressed file formats are restricted, .zip files are currently allowed due to their handling by security measures in place.
- .cer, .hxt, .stm - Files with potential cross-site scripting (XSS) risk.