4.2.1.2. FileSpec

4.2.1.2.1. Synopsis

FileSpec is made to create filters on files and directories. You need to create a parent rule with a dedicated and unique name and apply it as a child tag in any other parent tag.

4.2.1.2.2. Options

Name	Default	Values	Since version	Context
FileSpec	null	name	1.30	Filters for any parent tags

4.2.1.2.3. Examples

In this example, we created a FileSpec called AllowedExtensions which deny accessing to files with .exe or .sh extensions:

<FileSpec AllowedExtensions>
    # Only check against filenames/folder names only
    UseFullPath false

    # we can use multiple deny/allow directives for clarity
    Order DenyAllow
    Deny ".*.exe$"
    Deny ".*.sh$"
    Allow all
</FileSpec>

As the second example, we want to force users to only have access to data and home directories. For that we’re using regex:

<FileSpec OnlyDataAndHome>
    # Here, we check against the full absolute path
    # instead of just the filename or foldername
    UseFullPath true

    # We define the order in which paths are evaluated
    Order AllowDeny

    # Allow any full path that starts with /data or /home
    Allow "^/(data|home)"
    Deny all
</FileSpec>

To finish, we want to apply those filters in the default configuration:

<Default>
    ApplyFileSpec OnlyDataAndHome,AllowedExtensions
</Default>

As you seen, you can add with a separated comma multiple FileSpec filters at once.