White list and security

Hi your project is one of the most adequate, very comfortable, I like!

  • ability to use on Windows XP (not all products have such an opportunity)
  • ability to remotely configure clients (comfortable web interface)
  • ability to ignore delete files (Advanced Configuration - ignoreDelete)
  • ability to ban delete files on the master folder (Folder Type - Master)
  • ability to save files to the timestamp (Simple File Versioning) Сan proud of his project!

I need your help on the following issues and my proposals for your project

Backup files How to protect files from encryption from viruses extortionists?

  1. need a white list (to protect against renaming files): a) disallow the appearance of extensions: *.cripttt *.blocked *.vault *.da_vinci_code *.better_call_saul *.breaking_bad *.cbf *.RR0D *.ENCODED *.magic_software_syndicate *.enigma *.zepto *.cerber *.xtbl *.cerber *.onion *.WINDOWS10 *.fun *.kkk *.btc *.enc *.7D174 *.cab … b) what to do if the files extension will be such: *.cab *.zip *.doc *.docx …
  2. need block the virus renaming and changing the original file:
  • if the file was document.docx synchronized, PC infected with a virus and started the extension * .cripttt, in resync it should not be encrypted
  • document.docx ->- document.docx (copy the original file)
  • document.docx -x- document.cripttt (not to copy an encrypted file)


  1. need logout session web interface or automatically after a time
  2. need white list of allowed subnets for the web interface ( or


1 Like

Hi Vitokhv,

I’m not sure exactly what you are trying to do. Do you want to use Syncthing as a backup solution? To protect against the “crypto-locker” type of malware?

If so, you should know that Syncthing is not a backup tool. You might be able to use it as part of a backup system; I’m sure people are doing that. But I think you should instead use something that is explicitly designed for backups.

You can add a security project? Security

  1. need logout session web interface or automatically after a time
  2. need white list of allowed subnets for the web interface ( or

I just wanted to suggest adding whitelist extensions: Disallow sync all but: *.doc *.docx *.xls *.xlsx *.txt *.pdf *.jpg *.tif and other…

What I have shown in the screenshot It is already working in the program :relieved: Lacking only the whitelist and security :sweat:

Not sure what you mean with the first one. There is no session for the WebUI, just “Basic Authentication”. It authenticates on every new request, it’s just your browser that caches the credentials so you don’t have to enter it each time. Therefore, you cannot log out, because you cannot even log in. Just close your browser or clear its authentication cache.

Configure your local firewall as you wish. But actually, I don’t see what you want to archive. There is no need to expose the WebUI for syncing files.

Can be archived with ignores. But “disallowing” certain certain file extensions doesn’t make sense in your case, because when a file “asdf.docx” is renamed to “asdf.docx.bla” and you ignore *.bla, syncthing will think that “asdf.docx” was deleted and will propagte this change (the deletion).

But as @lfam said, syncthing is not a backup solution. It will never protect you against virus-caused file changes or accidental file corruption, because it cannot distinguish between “good” and “bad” file changes.

An IP white list on the admin UI wouldn’t be completely out of the question. File a ticket on Github. :slight_smile:

As for the other stuff I think it’s outside of our domain. I suggest syncing to a machine with real file system snapshots taken regularly, and then off site copies.

Don’t count on Syncthing protecting against ransom ware, make it not matter instead.

You already have this ability with the ignore list.


1 Like

You mean adding a mask to exclude the needed extensions and deny everything else another mask?



Watch the video with my tests (whitelist protection of the lockers):

Looking at the video you suggest ignoring deletes. Why not use trash can versioning?

That way you can see the current state of the folder and look in the .stversions folder to find ones that have been deleted. You can also set it to delete files that are older than x days so you will not have every file that has ever been present in the share stored in one heap.

Trash Can File Versioning - Replaces the renamed files

doc1.txt (with the content of the file) = doc1.txt (empty file)

delete original files > create new files > rename to the same name = replaces original files to trash

Did you choose a versioning system? If so sorry, didn’t realise. I thought you were just replying on the ignore delete option in which case you still end up with an empty file.

Yes, like so:

.stversions only works if the file is replaced at once, but if the old file with the name doc1.txt delete and create a new one with the same name, it is replaced in .stversions

You need to add the ability to not load empty files :relieved:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.