Dear Besties,
I have 2 issues while using RTIR version 6.0.1 having configured nginx:
- I tried to disable the “Choose File” option but failed to do so. (Only PreferDropzone worked.)
- I also tried to restrict uploads to only jpg and pdf but failed to do so.
Please guide me on both issues.
No, there is no built-in configuration option to do it. You need some kind of programming or a proxy.
There are three approaches in my mind to do this. The client-side solution does not count for security reasons.
- RT Scrip (server-side validation)
Add a Scrip that checks uploaded attachments during ticket creation or correspondence. Reject the transaction if the file at all or file extension or MIME type is not in the allowed list. This works on existing tickets, too.
- Local code overlay / Mason callback
Implement validation in a callback within RT’s Mason templates or Perl modules. This enforces server-side restrictions regardless of the client. This way you can remove the input-fields or check the upload.
- External filtering
Use a proxy, upload gateway, or security appliance to filter disallowed files or file types before they reach RT.
- Client-side file selection restriction
Add HTML/JavaScript to hide/remove the input-field or limit selectable file types (accept=".pdf,.jpeg,.jpg"). This is not sufficient alone because it can be bypassed, but it improves usability. You have to modify SelfService, too.
Solution one is not very handy because the server will accept the file first and then discard the transaction.
Decision between solution two or three is the way I’d go if I need to do this.
Keep in mind there is correspondence by mail. The best way is to strip attachments before they reach RT and set a header to trigger a Scrip informing the sender attachments aren’t allowed.
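
The mail-side filtering suggested above, as an added example that is not part of the original post or of RT: a Python filter meant to run in mail delivery before the message reaches RT. It goes slightly beyond the post by keeping jpg and pdf attachments whose content matches their extension and stripping everything else; the header name `X-Attachments-Stripped`, the function names and the sample mail are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Allowlist from the thread (jpg and pdf): extension -> required leading bytes.
ALLOWED = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".pdf": b"%PDF-"}
FLAG_HEADER = "X-Attachments-Stripped"  # hypothetical name; an RT Scrip would match on it

def is_allowed(filename, data):
    """Extension must be allowlisted AND the content must start with its signature."""
    name = (filename or "").lower()
    return any(name.endswith(ext) and data.startswith(magic)
               for ext, magic in ALLOWED.items())

def filter_parts(container, removed):
    """Walk a multipart container recursively, dropping disallowed file parts."""
    kept = []
    for part in container.get_payload():
        is_file = part.get_filename() is not None or part.get_content_disposition() == "attachment"
        if part.is_multipart():
            filter_parts(part, removed)
        elif is_file and not is_allowed(part.get_filename(), part.get_payload(decode=True) or b""):
            removed.append(part.get_filename() or "(unnamed)")
            continue
        kept.append(part)
    container.set_payload(kept)

def strip_disallowed(raw):
    """Return (filtered mail as bytes, names of removed attachments)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    del msg[FLAG_HEADER]            # never trust a flag supplied by the sender
    if msg.is_multipart():          # single-part mails are passed through unchanged
        filter_parts(msg, removed)
    if removed:
        # Only a count goes into the header; filenames are sender-controlled input.
        msg[FLAG_HEADER] = str(len(removed))
    return msg.as_bytes(), removed

def sample_mail():
    """Constructed input: a PDF plus a Windows executable renamed to photo.jpg."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "user@example.org", "rt@example.org", "report"
    m.set_content("see attached")
    m.add_attachment(b"%PDF-1.7\n", maintype="application", subtype="pdf", filename="scan.pdf")
    m.add_attachment(b"MZ\x90\x00", maintype="image", subtype="jpeg", filename="photo.jpg")
    return m.as_bytes()

if __name__ == "__main__":
    print(strip_disallowed(sample_mail())[1])
```

The renamed executable passes an extension-only or declared-MIME-type check, which is why the content signature is compared as well.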
Hey,
I have developed support for RT to perform malware scanning of attachments. This is done in RT, so applies to email, web, API and REST interfaces. I had it in the back of my mind that support for limiting or blocking file types would be useful, so it has a concept of multiple filters.
I need to do a final review of the code, and then I’ll be submitting it to Best Practical.
Cheers,
Andrew
Very good 
Kindly share the solution when applied, thanks.