Skip to content

Commit 783bf01

Browse files
warnessamaxvp
warnessa
and
maxvp
authored
Create 2025-10-01-new-file-type-support.mdx (#25576)
Co-authored-by: Max Phillips <[email protected]>
1 parent 7009aa4 commit 783bf01

File tree

1 file changed

+25
-0
lines changed

1 file changed

+25
-0
lines changed

src/content/changelog/dlp/2025-10-01-new-file-type-support.mdx

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
---
2+
title: "Expanded File Type Controls for Executables and Disk Images"
3+
description: "Block uploads and downloads of Apple Disk Images (DMG), Microsoft Application Installers (MSIX), and macOS Installer Packages (MPKG) to prevent the transfer of unauthorized software."
4+
date: "2025-10-01"
5+
---
6+
7+
You can now enhance your security posture by blocking additional application installer and disk image file types with Cloudflare Gateway. Preventing the download of unauthorized software packages is a critical step in securing endpoints from malware and unwanted applications.
8+
9+
We have expanded Gateway's file type controls to include:
10+
11+
- Apple Disk Image (dmg)
12+
- Microsoft Software Installer (msix, appx)
13+
- Apple Software Package (pkg)
14+
15+
You can find these new options within the [_Upload File Types_ and _Download File Types_ selectors](/cloudflare-one/policies/gateway/http-policies/#download-and-upload-file-types) when creating or editing an HTTP policy. The file types are categorized as follows:
16+
17+
- **System**: _Apple Disk Image (dmg)_
18+
- **Executable**: _Microsoft Software Installer (msix)_, _Microsoft Software Installer (appx)_, _Apple Software Package (pkg)_
19+
20+
To ensure these file types are blocked effectively, please note the following behaviors:
21+
22+
- DMG: Due to their file structure, DMG files are blocked at the very end of the transfer. A user's download may appear to progress but will fail at the last moment, preventing the browser from saving the file.
23+
- MSIX: To comprehensively block Microsoft Software Installers, you should also include the file type _Unscannable_. MSIX files larger than 100 MB are identified as Unscannable ZIP files during inspection.
24+
25+
To get started, go to your HTTP policies in Zero Trust. For a full list of file types, refer to [supported file types](/cloudflare-one/policies/gateway/http-policies/#supported-file-types).

0 commit comments

Comments
 (0)