diff --git a/apps/sources/forms.py b/apps/sources/forms.py
index 88fe8f01cd..f12ef25c96 100644
--- a/apps/sources/forms.py
+++ b/apps/sources/forms.py
@@ -6,6 +6,7 @@ from documents.forms import DocumentForm
 
 from sources.models import WebForm, StagingFolder
 from sources.widgets import FamFamRadioSelect
+from sources.utils import validate_whitelist_blacklist
 
 
 class StagingDocumentForm(DocumentForm):
@@ -16,6 +17,7 @@ class StagingDocumentForm(DocumentForm):
     def __init__(self, *args, **kwargs):
         cls = kwargs.pop('cls')
         show_expand = kwargs.pop('show_expand', False)
+        self.source = kwargs.pop('source')
         super(StagingDocumentForm, self).__init__(*args, **kwargs)
         try:
             self.fields['staging_file_id'].choices = [
@@ -44,13 +46,21 @@ class StagingDocumentForm(DocumentForm):
 class WebFormForm(DocumentForm):
     def __init__(self, *args, **kwargs):
         show_expand = kwargs.pop('show_expand', False)
+        self.source = kwargs.pop('source')
         super(WebFormForm, self).__init__(*args, **kwargs)
+        print self.instance
 
         if show_expand:
             self.fields['expand'] = forms.BooleanField(
                 label=_(u'Expand compressed files'), required=False,
                 help_text=ugettext(u'Upload a compressed file\'s contained files as individual documents')
             )
+            
+    def clean_file(self):
+        data = self.cleaned_data['file']
+        validate_whitelist_blacklist(data.name, self.source.whitelist.split(','), self.source.blacklist.split(','))
+
+        return data            
 
 
 class WebFormSetupForm(forms.ModelForm):
diff --git a/apps/sources/utils.py b/apps/sources/utils.py
new file mode 100644
index 0000000000..574d81771f
--- /dev/null
+++ b/apps/sources/utils.py
@@ -0,0 +1,37 @@
+import re
+
+from django.core.exceptions import ValidationError
+from django.utils.translation import ugettext
+
+# From http://www.peterbe.com/plog/whitelist-blacklist-logic
+def accept_item(value, whitelist, blacklist, default_accept=True): 
+    """ return true if this item is either whitelisted or  
+    not blacklisted """ 
+    if not whitelist:
+        whitelist = []
+        
+    if not blacklist:
+        blacklist = []
+
+    # note the order  
+    for reject, item_list in ([False, whitelist], [True, blacklist]): 
+        print 'item_list: %s' % item_list
+        print 'reject: %s' % reject
+        for okpattern in item_list: 
+            print 'okpattern: %s' % okpattern
+            if re.findall(okpattern.replace('*','\S+'), value, re.I): 
+                # match! 
+                print 'MATCH'
+                if reject: 
+                    return False 
+                else: 
+                    return True
+
+    # default is to accept all 
+    return default_accept
+
+
+def validate_whitelist_blacklist(value, whitelist, blacklist):
+    print 'blacklist', blacklist
+    if not accept_item(value, whitelist, blacklist):
+        raise ValidationError(ugettext(u'Whitelist Blacklist validation error.'))
diff --git a/apps/sources/views.py b/apps/sources/views.py
index f5d906c0f5..accd288c7e 100644
--- a/apps/sources/views.py
+++ b/apps/sources/views.py
@@ -113,7 +113,8 @@ def upload_interactive(request, source_type=None, source_id=None):
             if request.method == 'POST':
                 form = WebFormForm(request.POST, request.FILES,
                     document_type=document_type,
-                    show_expand=(web_form.uncompress == SOURCE_UNCOMPRESS_CHOICE_ASK)
+                    show_expand=(web_form.uncompress == SOURCE_UNCOMPRESS_CHOICE_ASK),
+                    source=web_form
                 )
                 if form.is_valid():
                     try:
@@ -136,7 +137,11 @@ def upload_interactive(request, source_type=None, source_id=None):
 
                     return HttpResponseRedirect(request.get_full_path())
             else:
-                form = WebFormForm(show_expand=(web_form.uncompress==SOURCE_UNCOMPRESS_CHOICE_ASK), document_type=document_type)
+                form = WebFormForm(
+                    show_expand=(web_form.uncompress==SOURCE_UNCOMPRESS_CHOICE_ASK),
+                    document_type=document_type,
+                    source=web_form
+                )
 
             subtemplates_list.append({
                 'name': 'generic_form_subtemplate.html',
@@ -152,7 +157,8 @@ def upload_interactive(request, source_type=None, source_id=None):
             if request.method == 'POST':
                 form = StagingDocumentForm(request.POST, request.FILES,
                     cls=StagingFile, document_type=document_type,
-                    show_expand=(staging_folder.uncompress==SOURCE_UNCOMPRESS_CHOICE_ASK)
+                    show_expand=(staging_folder.uncompress==SOURCE_UNCOMPRESS_CHOICE_ASK),
+                    source=staging_folder
                 )
                 if form.is_valid():
                     try:
@@ -182,7 +188,8 @@ def upload_interactive(request, source_type=None, source_id=None):
             else:
                 form = StagingDocumentForm(cls=StagingFile,
                     document_type=document_type, 
-                    show_expand=(staging_folder.uncompress==SOURCE_UNCOMPRESS_CHOICE_ASK)
+                    show_expand=(staging_folder.uncompress==SOURCE_UNCOMPRESS_CHOICE_ASK),
+                    source=staging_folder
                 )
             try:
                 staging_filelist = StagingFile.get_all()