To block a file you need to perform filtering on the client side.
Now - any client side mechanism can pretty much easily be fooled, like using, from name change, through encryption, zipping, other transformations, etc.
So you need to be more specific as to what you need to accomplish, so that we can help.
What large systems usually do is they use a
"Demilitarized Zone"[
^] that will receive incoming data/files/uploads and will decide what goes in the internal network etc.
Hope it's a start. You are welcome to provide more details on your needs and we can help further.
Cheers,
Edo