This article explains how File Upload Restriction works in Swif, how to configure it as an admin, how to monitor activity in the Shadow IT Insight Dashboard, and what end users see in the browser extension when an upload is blocked.
1. What is File Upload Restriction?
File Upload Restriction lets you control where employees can upload files on the web, based on destination domains.
Swif’s browser extension enforces these rules in the browser, while the admin experience for configuring rules and monitoring events lives in the Swif web app.
At a high level:
Admins define rules under Team settings that specify:
Which user groups the rule applies to.
Which domains are restricted (or covered by policy).
The Swif browser extension:
Detects file upload attempts in the browser.
Checks those uploads against the configured rules.
Blocks or restricts uploads when they violate policy.
Shows an inline Blocked Upload Notice to the user.
The Shadow IT Insight Dashboard:
Surfaces blocked file upload metrics and per‑user activity so admins can monitor and investigate.
For background on the extension, see:
How the extension works with the MDM agent:
How Swif’s Browser Extension Works With the MDM Agent | Help Center | Swif.aiBrowser extension security & privacy:
Browser Extension Security and Privacy in Swif | Help Center | Swif.ai
2. Admin Setup: File Upload Restriction (Team Settings)
2.1 Where to configure File Upload Restriction
In the Swif web app, go to Settings → Teams.
Select the team you want to configure.
Open File Upload Restriction.
You’ll see a File Upload Restriction rule list for that team.
2.2 File Upload Restriction rules
A rule defines which uploads should be restricted for a given team. Each rule typically includes:
Rule name – human‑readable title for the policy.
Status – active/disabled.
Scope of users – one or more User Groups the rule applies to.
Domain coverage – which destinations are controlled by this rule.
The rules list view shows:
All existing rules for the team.
A clear empty state when there are no rules, including a Create rule call‑to‑action.
A summary per rule (e.g., name, status, high‑level domain coverage).
2.3 Creating or editing a rule
From the File Upload Restriction page:
Click Create rule (or edit an existing rule).
A modal opens for rule configuration.
Key behaviors in the rule modal:
Required-field validation
You must provide required inputs (e.g., rule name, at least one user group, domain coverage).
The UI shows inline validation if you attempt to save with missing required fields.
User Groups
Select one or more target User Groups.
Tooltips and dropdown behavior are tuned so content is readable and doesn’t obstruct selection.
Domain guidance
The modal includes a Domain guideline/instructions section explaining acceptable formats (e.g., how to enter domains, wildcard expectations, etc.).
2.4 Domain configuration options
You can configure domains in two main ways:
A. Manual domain entry (“Domain” mode)
Use this mode when you want to type or paste domains directly.
Add one or more domains manually (e.g.,
example.com,subdomain.example.com).The system:
Validates inputs where applicable.
Preserves wildcard patterns (such as
*.example.com), or clearly surfaces validation errors if a pattern is not supported—there should be no silent removal of wildcards.Handles duplicates and whitespace sensibly, so you don’t need to pre‑deduplicate the list.
B. Domain list upload (“Domain List” mode)
Use this mode when you have a larger list of domains.
Switch from Domain to Domain List mode in the modal.
Upload a file containing domains (e.g., CSV).
Save the rule.
Behavior and expectations:
Supported file types
CSV is explicitly supported. Other file types may be available depending on your environment; unsupported file types return a clear error and do not proceed.
Parsing and validation
The upload parses the domain list and loads it into the rule.
Whitespace and duplicates are handled gracefully.
If the file content is invalid (e.g., no usable domains), you’ll see a clear validation error instead of a silent failure.
Wildcard domains
As with manual entry, wildcard domains are preserved when supported, or clearly surfaced with validation errors if not.
2.5 Saving or discarding changes
Save changes
When you click Save changes, the rule is validated.
If validation passes, the rule is stored and appears in the list with the correct values.
Cancel / Close
If you close the modal or click Cancel before saving, changes are discarded.
Reopening the modal shows the last saved state.
3. How the Browser Extension Blocks File Uploads
The Swif browser extension is responsible for enforcing upload restrictions in supported browsers (such as Chrome and Edge).
3.1 What the extension does at upload time
When a user attempts to upload a file in the browser (e.g., in a SaaS app or website):
The extension detects the file upload event.
It evaluates:
Which organization the device belongs to.
Which user / user group is active (including scenarios using an employee non-login token, where applicable).
The destination domain of the upload.
It checks these details against your configured File Upload Restriction rules.
Based on policy:
If the upload is allowed → the extension does not interfere, and no notice is shown.
If the upload is restricted:
The extension blocks or restricts the upload.
It shows a Blocked Upload Notice to the user.
3.2 Blocked Upload Notice (end‑user experience)
When an upload is blocked or restricted:
A Blocked Upload Notice appears near the upload flow.
The notice explains, in plain language, that the upload was blocked or restricted by your organization’s policy.
Visual behavior:
Matches the product design (layout, colors, typography, spacing).
Appears in a consistent, non‑intrusive location.
Handles long filenames and long messages without breaking layout (content wraps or truncates gracefully).
Dismissal & repeated events
Users can typically dismiss the notice (e.g., via a close icon or button).
Once dismissed, the same blocked event will not keep resurfacing the notice.
If the user tries another upload that is also blocked, a new notice appears according to the extension’s notification rules (e.g., reuse or replace the previous notice without messy stacking).
Calls to action
Depending on your configuration and product copy, the notice may include:
“Learn more” / “View policy” – links to your help center or policy documentation.
“Contact admin / IT” – routes the user to a support or contact channel.
These CTAs are wired to the appropriate URLs or in‑extension views.
3.3 Accessibility & supported browsers
The Blocked Upload Notice is designed to be accessible:
Keyboard‑accessible (users can interact with it via keyboard).
Screen readers:
Announce the notice using appropriate ARIA roles (e.g.,
role="alert"or similar).
Visual design respects high‑contrast modes and aims for WCAG AA color contrast where possible.
The notice is implemented across the browsers where the Swif extension is supported (for example, Chrome and Edge).
4. Monitoring Blocked Uploads in the Shadow IT Insight Dashboard
Once File Upload Restriction is configured and the browser extension is installed on devices, admins can monitor outcomes via the Shadow IT Insight Dashboard.
Navigate to:
Shadow IT → Insight Dashboard
Two key widgets relate to file upload restriction.
4.1 “File Upload Blocks” KPI widget
This is a key performance indicator (KPI) showing the total number of blocked file upload events across your environment, over the selected time window.
Use this widget to quickly answer:
“How many uploads has Swif blocked recently?”
“Is the volume of blocked uploads increasing or decreasing?”
If there is no data for the selected period, the widget shows an empty state instead of misleading zeros or broken UI.
4.2 “Blocked File Uploads” activity widget
This widget surfaces users who have had file uploads blocked on restricted domains.
It typically shows:
User identity (e.g., name/email).
Basic context about blocked attempts (e.g., domain or frequency summary, depending on implementation).
You can:
Click on a specific user row to open a detail panel.
Use the detail panel to:
Investigate which destinations are causing blocks.
Understand patterns (e.g., a particular team repeatedly trying to upload to unsanctioned apps).
As with the KPI widget, when there are no blocked events, the activity widget displays a clear empty state (not just a blank card).
5. Typical Workflow: From Policy to Insight
Putting it all together:
Configure rules
Go to Settings → Teams → File Upload Restriction.
Define rules for relevant user groups and domains (manual entry or CSV/domain list upload).
Ensure the extension is deployed
Install the Swif browser extension on your managed devices.
Confirm that devices are correctly associated with your organization (including support for employee non‑login tokens where used).
Users attempt uploads
On allowed domains, uploads proceed normally with no user‑facing change.
On restricted domains, the upload is blocked or restricted and a Blocked Upload Notice is shown.
Monitor and respond
Open Shadow IT → Insight Dashboard.
Use:
File Upload Blocks KPI for overall volume.
Blocked File Uploads activity widget for per‑user insights.
Adjust rules if needed (e.g., tighten policy for high‑risk destinations, or relax it for sanctioned apps).