Fileblock

One of the things that I get asked the most is how to prevent a user from accessing the local file system from within Firefox. This generally means preventing file:// URLs from working, as well as removing the most common methods of opening files from the Firefox UI (the open file button, menuitem and shortcut). Because I consider this outside of the scope of the CCK2, I wrote an extension to do this and gave it out to anyone that asked. Unfortunately over time it started to have a serious case of feature creep.

Going forward, I’ve decided to go back to basics and just produce a simple local file blocking extension. The only features that it supports are whitelisting by directory and whitelisting by file extension. I’ve made that available here. There is a README that gives full information on how to use it.

For the other functionality that used to be a part of FileBlock, I’m going to produce a specific extension for each feature. They will probably be AboutBlock (for blocking specific about pages), ChromeBlock (for preventing the loading of chrome files directly into the browser) and SiteBlock (for doing simple whitelisting).

Hopefully this should cover the most common cases. Let me know if you think there is a case I missed.

Please note: I reserve the right to delete comments that are offensive or off-topic.

Leave a Reply

Your email address will not be published. Required fields are marked *

18 thoughts on “Fileblock

  1. This sounds like something for the kind of “Don’t do as I do, do as I say” kind of high-handed sysadmin. I’d bet anyone getting such an extension would apply it on anyone’s browser _except_ his own. As long as we’re there, let’s block http, ftp, mailto and irc links as well (again, on everyone’s browser except the sysadmin’s own). https we’ll grudgingly allow, but only on a handful of carefully selected and whitelisted sites. The company’s own, for instance, but never *.wikipedia.org or *.mozilla.org. The company’s time is meant for “all work no play” and those sites are not for company employees to play with on company time.

    Mike, I’m not criticizing you — you’re in it for the business that gets you your daily bread and you have to sell your products to those who are willing to pay for them. It’s your customers’ frame of mind which sounds foreign to my way of thinking.

    Best regards,
    Tony.

    You can’t take it with you — especially when crossing a state line.

    • You’re only thinking of one use case (the desktop user).

      That’s not necessarily what things like this are for.

      Think of internet cafes, libraries, computer labs in elementary schools, kiosks, the workstation at the hospital that all the nurses use, the computer that’s used to design kitchens at your home store, the computer that’s at a used car dealers for browsing cars, the computer that is on the factory floor for everyone to use.

      Everyone tends to think enterprise means the guy/gal sitting behind their desk, but people and companies use computers in ways that we don’t even know. They need to have this kind of control.

  2. Where do you place the file fileBlockService.js

    As to Mike’s comments.
    If you are responsible for a terminal server you would see the value in FileBlock.

  3. Hi Mike,

    Can you please give me the easy way to install fileBlockService.js file. In my case, I need to block the complete directory/file display in my RHEL7 machine. Please explain me in simple steps. I never played with firefox before until now when my lead told to do this.

    • There is a README in the file that tells how to install it.

      Best way is to create a distribution/bundles/fileblock directory under Firefox and unzip there.

  4. Hi!

    FileBlock is unsigned, and Firefox will no longer allow it to be installed when Firefox v46 comes out. Is there anyway I can get a signed version?

    Thank you,

    Craig

    • Sorry about that. I didn’t expect most people to install the XPI directly (because they have to modify the the component to allow certain directories).

      I’ll get the base version signed and uploaded.

            • ? I don’t understand.

              Search addons.mozilla.org for Fileblock (but not yet — give Mike a few days to upload it). There should be a green “Install in Firefox” button there. If you left-click that, the extension will install into your current Firefox profile, but if you _right_ click the green button you get a rolldown menu with several options, one of which is “Save Link As…” Clicking that lets you download the XPI wherever you wish.

              If you modify it, however, recent Firefox versions will regard that as “tampering” and refuse to install the modified XPI, of course.

            • Because the file block extension is customized (usually people add white/blacklist), I didn’t intend for it to be distributed on AMO.

              You should feel free to create your own version of fileblock and submit it for signing.

  5. Didn’t work for me!
    I’m pretty sure that I’m missing some basic steps. So I unzipped fileblock-1.0.xpi’s content to “C:\Program Files\Mozilla Firefox\distribution\bundles\fileblock”

    BTW, on the README file it says create the “bundles” directory under CCK2directory, but then on the comments you say put it here: “C:\Program Files\Mozilla Firefox\distribution\” !