Mime filter is not working for rar

ℹ️ Support
1

Hello, everyone.
I’m using mime filtering for some file extensions to prevent users from uploading to cloud storage files that are not matching this filter. Mime filter stroke is:

/^application/(msexcel|msword|vnd.ms-excel|vnd.ms-powerpoint|vnd.openxmlformats-officedocument.wordprocessingml.document|vnd.openxmlformats-officedocument.spreadsheetml.sheet|vnd.openxmlformats-officedocument.presentationml.presentation|pdf|zip|x-zip-compressed|x-rar-compressed|x-7z-compressed)$|text/(plain|csv)$|image/(jpeg|heic|png)|httpd/unix-directory/I

This stroke covers doc,docx,xls,xlsx… and rar. everything is working, except rar extension…
even if I use only rar filter it will not work.
Every time I try to upload a file with rar extension I get this error in logs (see the spoiler).

Spoiler

OCA\DAV\Connector\Sabre\Exception\Forbidden: Access denied
/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 1104:

OCA\DAV\Connector\Sabre\Directory->createFile()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php - line 527:

Sabre\DAV\Server->createFile()

/var/www/html/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php - line 89:

Sabre\DAV\CorePlugin->httpPut()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 474:

Sabre\DAV\Server->emit()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 251:

Sabre\DAV\Server->invokeMethod()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 319:

Sabre\DAV\Server->start()

/var/www/html/nextcloud/apps/dav/appinfo/v1/publicwebdav.php - line 113:

Sabre\DAV\Server->exec()

/var/www/html/nextcloud/public.php - line 81:

require_once(“/var/www/ht … p”)

Caused by OCP\Files\ForbiddenException: Access denied
/var/www/html/nextcloud/apps/files_accesscontrol/lib/StorageWrapper.php - line 59:

OCA\FilesAccessControl\Operation->checkFileAccess()

/var/www/html/nextcloud/apps/files_accesscontrol/lib/StorageWrapper.php - line 286:

OCA\FilesAccessControl\StorageWrapper->checkFileAccess()

/var/www/html/nextcloud/apps/dav/lib/Connector/Sabre/File.php - line 300:

OCA\FilesAccessControl\StorageWrapper->unlink()

/var/www/html/nextcloud/apps/dav/lib/Connector/Sabre/Directory.php - line 155:

OCA\DAV\Connector\Sabre\File->put()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 1104:

OCA\DAV\Connector\Sabre\Directory->createFile()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php - line 527:

Sabre\DAV\Server->createFile()

/var/www/html/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php - line 89:

Sabre\DAV\CorePlugin->httpPut()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 474:

Sabre\DAV\Server->emit()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 251:

Sabre\DAV\Server->invokeMethod()

/var/www/html/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php - line 319:

Sabre\DAV\Server->start()

/var/www/html/nextcloud/apps/dav/appinfo/v1/publicwebdav.php - line 113:

Sabre\DAV\Server->exec()

/var/www/html/nextcloud/public.php - line 81:

require_once(“/var/www/ht … p”)

2

I’m usually not using .rar files on my server, but a quick check showed me, that the following mime type is returned:

# file --mime-type <rar-file>
<rar-file>: application/x-rar
            ^^^^^^^^^^^^^^^^^
3

I tried to use tagging app to see, what mime-type is correct for me. The tag is only applied, when I use x-rar-compressed.

4

I’m still trying to resolve this issue and now I’m trying to do it on GitHub on official app site:
https://github.com/nextcloud/files_accesscontrol/issues/195
There you can find some workarounds, if you want/need.

1 Like
5

Created file /var/www/html/nextcloud/config/mimetypemapping.json and put there this text:

Спойлер

{
“_comment” : “Array mapping file extensions to mimetypes (in alphabetical order)”,
“_comment2”: “The first index in the mime type array is the assumed correct mimetype”,
“_comment3”: “and the second (if present) is a secure alternative”,

    "_comment4": "Any changes you make here will NOT (!!!)  be overwritten on an update of Nextcloud",
    "_comment5": "Any custom mappings are in THIS  file mimetypemapping.json",
    "_comment6": "All mime types were taken from https://aerorock.co.nz/list-of-executable-file-extensions-windows/",

    "bat": ["application/denied"],
    "bin": ["application/denied"],
    "cmd": ["application/denied"],
    "com": ["application/denied"],
    "cpl": ["application/denied"],
    "exe": ["application/denied"],
    "gadget": ["application/denied"],
    "ico": ["application/denied"],
    "inf1": ["application/denied"],
    "ins": ["application/denied"],
    "inx": ["application/denied"],
    "isu": ["application/denied"],
    "job": ["application/denied"],
    "jse": ["application/denied"],
    "lnk": ["application/denied"],
    "msc": ["application/denied"],
    "msi": ["application/denied"],
    "msp": ["application/denied"],
    "mst": ["application/denied"],
    "paf": ["application/denied"],
    "pif": ["application/denied"],
    "ps1": ["application/denied"],
    "reg": ["application/denied"],
    "rgs": ["application/denied"],
    "scr": ["application/denied"],
    "sct": ["application/denied"],
    "shb": ["application/denied"],
    "shs": ["application/denied"],
    "u3p": ["application/denied"],
    "vb": ["application/denied"],
    "vbe": ["application/denied"],
    "vbs": ["application/denied"],
    "vbscript": ["application/denied"],
    "ws": ["application/denied"],
    "wsf": ["application/denied"],
    "wsh": ["application/denied"]

}

And my new mime type filter now looks like this:

/^application/(octet-stream|msexcel|msword|vnd.ms-excel|vnd.ms-powerpoint|vnd.openxmlformats-officedocument.wordprocessingml.document|vnd.openxmlformats-officedocument.spreadsheetml.sheet|vnd.openxmlformats-officedocument.presentationml.presentation|pdf|zip|x-zip-compressed|x-rar-compressed|x-7z-compressed)$|text/(plain|csv)$|image/(jpeg|heic|png)|httpd/unix-directory/I

With this filter I can use rar files, but scripts are blocked.

6

Done forget to use this command to apply these changes:

sudo -u www-data php occ maintenance:mimetype:update-js