Home Guides Bitrix24 File Attachment
Bitrix24 On-Premise

Disable File Attachments & Drag-and-Drop in Bitrix24 On-Premise Chat

A server-side fix that hides the attachment icon, blocks drag-and-drop, and shows a clear popup — all in a single PHP file that survives every Bitrix24 update.

5 min read April 2026 On-Premise only

The Problem

By default, Bitrix24's internal chat allows every user to attach files — via the paperclip icon in the chat toolbar or by dragging and dropping files directly into the chat window. Some organisations need to restrict this for compliance, data security, or internal policy reasons.

⚠️
Why CSS alone won't work

Hiding the button with CSS is unreliable — users can still drag-and-drop files, and CSS overrides can break after updates. A server-side PHP hook is the correct approach.

The Solution

Bitrix24 on-premise provides a local customisation entry point at /home/bitrix/www/local/php_interface/init.php. Any code placed here runs on every page load and is never overwritten by Bitrix24 updates.

💡
Why init.php?

The /local/ directory is your private customisation space. Files here are excluded from the update process, so your changes survive every platform upgrade.

Step-by-Step Instructions

1

SSH in and navigate to the directory

Open Terminal on your Mac and connect to your Bitrix24 server. Then navigate to the local PHP interface directory:

 macOS Terminal
# SSH into your Bitrix24 server
ssh bitrix@your-server-ip

# Navigate to the local PHP interface directory
cd /home/bitrix/www/local/php_interface

# Create init.php if it does not exist yet
touch init.php

If the file already exists with other customisations, append the code in Step 2 — do not overwrite existing content.

2

Add the file attachment restriction code

Open the file and paste in the snippet below. It does three things: removes the attachment button, blocks drag-and-drop, and shows a popup when a user attempts to drop a file.

 /home/bitrix/www/local/php_interface/init.php
<?php
AddEventHandler("main", "OnEpilog", function() {
    if (!defined("BX_COMP_MANAGED_CACHE")) return;

    $script = <<<JS
<script>
(function() {
    "use strict";

    // 1. Remove the attachment button from the toolbar
    function hideAttachButton() {
        [".bx-im-message-form-button--file",
         ".bx-messenger-button-file",
         "[data-bx-im-button=file]"]
        .forEach(function(sel) {
            document.querySelectorAll(sel).forEach(function(el) {
                el.style.display = "none";
            });
        });
    }

    // 2. Block drag-and-drop on chat containers
    function blockDragDrop(container) {
        ["dragover", "dragenter", "drop"].forEach(function(evtName) {
            container.addEventListener(evtName, function(e) {
                e.preventDefault();
                e.stopPropagation();
                if (evtName === "drop") { showNoUploadPopup(); }
            }, true);
        });
    }

    // 3. Show "File uploads are not allowed" toast
    function showNoUploadPopup() {
        var existing = document.getElementById("bx-no-upload-toast");
        if (existing) { clearTimeout(existing._hideTimer); existing.remove(); }
        var toast = document.createElement("div");
        toast.id = "bx-no-upload-toast";
        toast.textContent = "File uploads are not allowed";
        toast.style.cssText = "position:fixed;top:50%;left:50%;
            transform:translate(-50%,-50%);background:#e5373a;
            color:#fff;padding:12px 24px;border-radius:6px;
            font-size:14px;font-weight:600;z-index:999999;
            box-shadow:0 4px 16px rgba(0,0,0,0.25)";
        document.body.appendChild(toast);
        toast._hideTimer = setTimeout(function() { toast.remove(); }, 3000);
    }

    // 4. Watch for dynamically loaded chat components
    var observer = new MutationObserver(function() {
        hideAttachButton();
        document.querySelectorAll(
            ".bx-im-messenger,.bx-messenger-chat,.bx-im-message-form"
        ).forEach(blockDragDrop);
    });
    observer.observe(document.body, { childList: true, subtree: true });
    hideAttachButton();
})();
</script>
JS;
    echo $script;
});
3

Set correct file permissions

Still inside your SSH session, set the correct ownership and permissions:

 macOS Terminal
# Still inside your SSH session:
cd /home/bitrix/www/local/php_interface

# Set correct permissions
chmod 644 init.php
chown bitrix:bitrix init.php

No server restart needed — changes take effect on the next page load.

What Users Will See

Once saved, three things change immediately for all users across your Bitrix24 instance:

🚫

Icon Hidden

Paperclip icon removed from the chat toolbar

🛑

Drag-Drop Blocked

Files dragged into chat are silently rejected

💬

Popup Shown

A red notification appears for 3 seconds

Internal Chat Search chats... SJ Sarah Johnson Sounds good! 2:48 PM MC Michael Chen Let me check... 2:35 PM DW David Williams Meeting at 3pm ET Emma Thompson Thanks! RG Robert Garcia On my way LA Lisa Anderson Please review JW James Wilson Noted, thanks MC Michael Chen ● Online Hey, can you send me the report? 2:30 PM Sure, one moment! 2:32 PM Write a message... File uploads are not allowed Toast popup shown on drop
Fig 1 — The red "File uploads are not allowed" toast appears centred on screen for 3 seconds when a user attempts to drag and drop a file into chat.

Frequently Asked Questions

Does this fix survive Bitrix24 updates?
Yes. The /local/ directory is specifically designed as a safe customisation space that Bitrix24 never touches during upgrades. Your init.php will remain intact after any platform update.
Does this affect Tasks, Drive, or CRM file fields?
No. The selectors and drag-drop listeners target only the internal messenger components (.bx-im-messenger, .bx-messenger-chat, .bx-im-message-form). Task attachments, CRM file fields, and Bitrix24 Drive are unaffected.
Can I whitelist certain users so they can still attach files?
Yes — extend the AddEventHandler callback to check $USER->GetID() or $USER->IsInGroup() before injecting the script. You can skip injection for specific user IDs or group memberships.
Do I need to restart the server after saving?
No restart needed. The init.php file is included on every PHP request, so changes take effect on the next page load.
What if the selector changes in a future Bitrix24 version?
The script targets three known selectors for resilience. The MutationObserver re-runs on every DOM change to catch dynamically rendered elements. If class names change in a future version, simply update the selectors array.
Need a more advanced implementation?

FusionETA specialises in Bitrix24 on-premise customisation — role-based restrictions, audit logging, and enterprise security policies. Get in touch and we'll scope it for you.

Running Bitrix24 On-Premise?

FusionETA helps Malaysian businesses get the most out of Bitrix24 — from custom PHP hooks to full CRM implementations.

Get a Free Consultation ← Back to Guides