diff --git a/README.md b/README.md
index 9966bb99..4bbb2fc1 100644
--- a/README.md
+++ b/README.md
@@ -77,6 +77,12 @@ The hostname to provide a client when attempting a passive connection (`PASV`).
 
 __Default:__ `"127.0.0.1"`
 
+#### `deny_extension`
+Deny specific file extension, if you define it, those file with not allowed to upload, rename and delete. 
+__Example:__ `['exe', 'dll', 'bat', 'cmd', 'vbs', 'inf', 'vbe','vbs','com', 'ws', 'reg']` will not allow users to delete , rename ,upload any files.  
+__Default:__ `[]`
+
+
 #### `pasv_min`
 Tne starting port to accept passive connections.  
 __Default:__ `1024`
diff --git a/src/commands/registration/dele.js b/src/commands/registration/dele.js
index f8ef36cf..92666c1f 100644
--- a/src/commands/registration/dele.js
+++ b/src/commands/registration/dele.js
@@ -1,4 +1,6 @@
 const Promise = require('bluebird');
+const path = require('path');
+const _ = require('lodash');
 
 module.exports = {
   directive: 'DELE',
@@ -6,6 +8,13 @@ module.exports = {
     if (!this.fs) return this.reply(550, 'File system not instantiated');
     if (!this.fs.delete) return this.reply(402, 'Not supported by file system');
 
+    const fileName = command.arg;
+    //过滤指定文件拓展名
+    if (_.includes(this.server.options.deny_extension, _.lowerCase(path.extname(fileName))) ) {
+      return this.reply(502, 'file extension blacklisted');
+    }
+
+
     return Promise.try(() => this.fs.delete(command.arg))
     .then(() => {
       return this.reply(250);
diff --git a/src/commands/registration/rnfr.js b/src/commands/registration/rnfr.js
index b8be20b1..f1aad14e 100644
--- a/src/commands/registration/rnfr.js
+++ b/src/commands/registration/rnfr.js
@@ -1,4 +1,7 @@
 const Promise = require('bluebird');
+const path = require('path');
+const _ = require('lodash');
+
 
 module.exports = {
   directive: 'RNFR',
@@ -7,6 +10,12 @@ module.exports = {
     if (!this.fs.get) return this.reply(402, 'Not supported by file system');
 
     const fileName = command.arg;
+
+    //过滤指定文件拓展名
+    if (_.includes(this.server.options.deny_extension, _.lowerCase(path.extname(fileName))) ) {
+      return this.reply(502, 'file extension blacklisted');
+    }
+
     return Promise.try(() => this.fs.get(fileName))
     .then(() => {
       this.renameFrom = fileName;
diff --git a/src/commands/registration/stor.js b/src/commands/registration/stor.js
index 91f54faa..95971959 100644
--- a/src/commands/registration/stor.js
+++ b/src/commands/registration/stor.js
@@ -1,4 +1,6 @@
 const Promise = require('bluebird');
+const path = require('path');
+const _ = require('lodash');
 
 module.exports = {
   directive: 'STOR',
@@ -9,6 +11,13 @@ module.exports = {
     const append = command.directive === 'APPE';
     const fileName = command.arg;
 
+    console.log(_.lowerCase(path.extname(fileName)))
+    //过滤指定文件拓展名
+    if (_.includes(this.server.options.deny_extension, _.lowerCase(path.extname(fileName))) ) {
+      return this.reply(502, 'file extension blacklisted');
+    }
+
+
     return this.connector.waitForConnection()
     .tap(() => this.commandSocket.pause())
     .then(() => Promise.try(() => this.fs.write(fileName, {append, start: this.restByteCount})))