TL;DR
You can block file transfers on WhatsApp Web without stopping chats by using a firewall or proxy server to filter traffic based on the file types sent and received. This guide explains how to achieve this, focusing on practical methods suitable for both home and office networks.
Solution Guide
- Understand How WhatsApp Web Transfers Files
- Choose Your Blocking Method
- Firewall: More technical, but offers granular control and is suitable for permanent blocking. Requires access to your firewall’s configuration.
- Proxy Server: Easier to set up, especially if you already have a proxy server running. Can be used for temporary or conditional blocking.
- Firewall Blocking (Example using pfSense)
- Identify WhatsApp Web Traffic: Use a packet capture tool like Wireshark to analyze traffic while sending/receiving files on WhatsApp Web. Look for patterns in the HTTP headers (specifically the User-Agent string and destination domains). Common domains include
web.whatsapp.com,media.whatsapp.comand related CDN addresses. - Create a Firewall Rule: In pfSense, go to Firewall > Rules. Create a new rule on the interface where WhatsApp Web traffic passes (usually LAN).
- Rule Configuration:
- Action: Block
- Interface: Your LAN interface
- Protocol: TCP
- Source: Any
- Destination: Single host or alias containing the WhatsApp Web domains identified in step 1.
- Destination Port Range: HTTPS (443)
- Layer 7 Filtering: Enable Layer 7 filtering and create a rule to block specific MIME types associated with common file extensions (e.g., image/jpeg, application/pdf, audio/mpeg). You’ll need to add multiple rules for different file types.
- Example Layer 7 Rule: To block JPEG images:
Layer 7 Filter Name: BlockJPEG Filter: Regular Expression Regex: Content-Type: image/jpeg - Save and Apply Changes: Ensure the rule is placed in the correct order (blocking rules should generally be higher up the list).
- Proxy Server Blocking (Example using Squid)
- Configure Squid: Edit your
squid.conffile (usually located in/etc/squid/squid.conf). - Add ACLs: Define Access Control Lists (ACLs) to identify WhatsApp Web traffic and the file types you want to block.
acl whatsapp_web dstdomain .web.whatsapp.com media.whatsapp.com acls mime_type image/jpeg|image/png|application/pdf|audio/* video/* - Create a Blocking Rule: Add a rule to deny access based on the ACLs.
http_access deny whatsapp_web mime_type http_access allow all - Restart Squid: Restart the Squid service to apply the changes. The command varies depending on your operating system (e.g.,
sudo systemctl restart squid). - Testing Your Configuration
- Attempt to send various file types through WhatsApp Web. They should be blocked.
- Verify that text chats still function normally.
- Check your firewall or proxy server logs for any unexpected blocking of legitimate traffic.
- Important Considerations
- HTTPS Inspection: Blocking based on content requires HTTPS inspection (also known as SSL/TLS interception). This can introduce security risks if not configured correctly. Ensure you understand the implications before enabling it.
- CDN Addresses: WhatsApp Web uses Content Delivery Networks (CDNs) with frequently changing IP addresses. You may need to update your firewall rules or proxy server configuration periodically.
- User-Agent Spoofing: Advanced users could potentially bypass blocking by spoofing their User-Agent string.
WhatsApp Web doesn’t use a standard port for file transfers. It relies on the same HTTPS connection (port 443) as regular web browsing. This makes blocking files directly by port difficult. Instead, you need to inspect the content of the traffic.
There are two main approaches:
This example uses pfSense, but the principles apply to other firewalls.
This example uses Squid, a popular proxy server.
After implementing either method, test thoroughly: