Enable File Type Controls

Cisco Secure Access provides security use controls in the Web profile. One of the security controls—File Type Blocking—defines access to certain types of files. Once File Type Blocking is enabled, if a user device attempts to download a selected file type, Secure Access presents a Block page instead of the requested resource.

Secure Access checks a file based on its file extension and detects whether the extension has been changed. For example, if a .gif file extension is changed to .xyz, Secure Access can detect that the file is a .gif.


Blocking some file types may cause a website not to display correctly.

Table of Contents


  • Full Admin user role. For more information, see Manage Accounts.
  • You must enable decryption in the same Web profile.


  1. Navigate to Secure > Web Profiles,
  2. Add a web profile or expand an existing web profile.
  3. For Security and Acceptable Use Controls > File Type Blocking, click Edit.
  1. Check the categories of the file types to choose all file types in the group, or expand a file type category to choose specific file types. For more information about available file types, see File Types to Block.
    Note: When an entire file type group is selected, all future file types added to that group are also blocked.
  1. Click Save.

Use this web profile in an access rule to apply it to traffic.

Manage File Type Control < Enable File Type Control > File Types to Block