Use the File Extension server validation, For server variable, click the ligtning bolt and select the file Field Simple File Name bindings from the form binding collection.
for the valid file extension list, do not include the dots. for example to allow gif and jpg, the extension list will look like:
gif jpg jpeg