Mime filter is not working for rar

Hello, everyone.
I’m using mime filtering for some file extensions to prevent users from uploading to cloud storage files that are not matching this filter. Mime filter stroke is:

/^application/(msexcel|msword|vnd.ms-excel|vnd.ms-powerpoint|vnd.openxmlformats-officedocument.wordprocessingml.document|vnd.openxmlformats-officedocument.spreadsheetml.sheet|vnd.openxmlformats-officedocument.presentationml.presentation|pdf|zip|x-zip-compressed|x-rar-compressed|x-7z-compressed)$|text/(plain|csv)$|image/(jpeg|heic|png)|httpd/unix-directory/I

This stroke covers doc,docx,xls,xlsx… and rar. everything is working, except rar extension…
even if I use only rar filter it will not work.
Every time I try to upload a file with rar extension I get this error in logs (see the spoiler).

Spoiler

OCA\DAV\Connector\Sabre\Exception\Forbidden: Access denied
/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 1104:

OCA\DAV\Connector\Sabre\Directory->createFile()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php - line 527:

Sabre\DAV\Server->createFile()

/var/www/html/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php - line 89:

Sabre\DAV\CorePlugin->httpPut()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 474:

Sabre\DAV\Server->emit()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 251:

Sabre\DAV\Server->invokeMethod()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 319:

Sabre\DAV\Server->start()

/var/www/html/nextcloud/apps/dav/appinfo/v1/publicwebdav.php - line 113:

Sabre\DAV\Server->exec()

/var/www/html/nextcloud/public.php - line 81:

require_once("/var/www/ht … p")

Caused by OCP\Files\ForbiddenException: Access denied
/var/www/html/nextcloud/apps/files_accesscontrol/lib/StorageWrapper.php - line 59:

OCA\FilesAccessControl\Operation->checkFileAccess()

/var/www/html/nextcloud/apps/files_accesscontrol/lib/StorageWrapper.php - line 286:

OCA\FilesAccessControl\StorageWrapper->checkFileAccess()

/var/www/html/nextcloud/apps/dav/lib/Connector/Sabre/File.php - line 300:

OCA\FilesAccessControl\StorageWrapper->unlink()

/var/www/html/nextcloud/apps/dav/lib/Connector/Sabre/Directory.php - line 155:

OCA\DAV\Connector\Sabre\File->put()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 1104:

OCA\DAV\Connector\Sabre\Directory->createFile()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php - line 527:

Sabre\DAV\Server->createFile()

/var/www/html/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php - line 89:

Sabre\DAV\CorePlugin->httpPut()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 474:

Sabre\DAV\Server->emit()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 251:

Sabre\DAV\Server->invokeMethod()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 319:

Sabre\DAV\Server->start()

/var/www/html/nextcloud/apps/dav/appinfo/v1/publicwebdav.php - line 113:

Sabre\DAV\Server->exec()

/var/www/html/nextcloud/public.php - line 81:

require_once("/var/www/ht … p")

I’m usually not using .rar files on my server, but a quick check showed me, that the following mime type is returned:

# file --mime-type <rar-file>
<rar-file>: application/x-rar
            ^^^^^^^^^^^^^^^^^

I tried to use tagging app to see, what mime-type is correct for me. The tag is only applied, when I use x-rar-compressed.

I’m still trying to resolve this issue and now I’m trying to do it on GitHub on official app site:
https://github.com/nextcloud/files_accesscontrol/issues/195
There you can find some workarounds, if you want/need.

1 Like

Created file /var/www/html/nextcloud/config/mimetypemapping.json and put there this text:

Спойлер

{
“_comment” : “Array mapping file extensions to mimetypes (in alphabetical order)”,
“_comment2”: “The first index in the mime type array is the assumed correct mimetype”,
“_comment3”: “and the second (if present) is a secure alternative”,

    "_comment4": "Any changes you make here will NOT (!!!)  be overwritten on an update of Nextcloud",
    "_comment5": "Any custom mappings are in THIS  file mimetypemapping.json",
    "_comment6": "All mime types were taken from https://aerorock.co.nz/list-of-executable-file-extensions-windows/",

    "bat": ["application/denied"],
    "bin": ["application/denied"],
    "cmd": ["application/denied"],
    "com": ["application/denied"],
    "cpl": ["application/denied"],
    "exe": ["application/denied"],
    "gadget": ["application/denied"],
    "ico": ["application/denied"],
    "inf1": ["application/denied"],
    "ins": ["application/denied"],
    "inx": ["application/denied"],
    "isu": ["application/denied"],
    "job": ["application/denied"],
    "jse": ["application/denied"],
    "lnk": ["application/denied"],
    "msc": ["application/denied"],
    "msi": ["application/denied"],
    "msp": ["application/denied"],
    "mst": ["application/denied"],
    "paf": ["application/denied"],
    "pif": ["application/denied"],
    "ps1": ["application/denied"],
    "reg": ["application/denied"],
    "rgs": ["application/denied"],
    "scr": ["application/denied"],
    "sct": ["application/denied"],
    "shb": ["application/denied"],
    "shs": ["application/denied"],
    "u3p": ["application/denied"],
    "vb": ["application/denied"],
    "vbe": ["application/denied"],
    "vbs": ["application/denied"],
    "vbscript": ["application/denied"],
    "ws": ["application/denied"],
    "wsf": ["application/denied"],
    "wsh": ["application/denied"]

}

And my new mime type filter now looks like this:

/^application/(octet-stream|msexcel|msword|vnd.ms-excel|vnd.ms-powerpoint|vnd.openxmlformats-officedocument.wordprocessingml.document|vnd.openxmlformats-officedocument.spreadsheetml.sheet|vnd.openxmlformats-officedocument.presentationml.presentation|pdf|zip|x-zip-compressed|x-rar-compressed|x-7z-compressed)$|text/(plain|csv)$|image/(jpeg|heic|png)|httpd/unix-directory/I

With this filter I can use rar files, but scripts are blocked.

Done forget to use this command to apply these changes:

sudo -u www-data php occ maintenance:mimetype:update-js