This article describes how to deny uploading images, documents, or videos in WhatsApp web conversation by using the application control signature.

FortiGate.

To control web WhatsApp upload traffic would require enabling SSL deep inspection + application control profile in the firewall policy.

1. Go to Security Profiles -> Application Control, select 'Profile Name' and select 'Edit'.
   
   
2. Inside the profile, go to Application and Filter Overrides, and select 'Create New'.
   
   
3. Go to Action Block and Search for the application signature: WhatsApp_Web_File.Upload, right mouse button, and + Add Selected. 

An alternative way is by adding both signatures WhatsApp_Web_File.Upload and WhatsApp_Web_File.Download.

This will block any file that a user wants to download using the same application control profile.

4. Enable the 'QUIC' protocol option with an action block.
                       

   

    

    

Use the application control profile in the firewall policy with SSL deep inspection.  

Load on end-devices the certificate used on SSL/SSH profile to avoid SSL warnings

5. Test the file transfer with a desired file or photo.

The photo was successfully blocked. The exclamation mark at the right indicates that the image could not be transferred. 

Previously, uploaded files are stored in the chat history/cache so attempts of sending the same file will not be treated as an upload. The configured signature blocks all new upload attempts.

Note: The EXE file does not upload/download for WhatsApp as WhatsApp used QUIC, which might not be inspected by SSL deep inspection for versions 7.4.1 and below. As a workaround, disable QUIC in the browser to force it to use HTTPS. 

Related documents:

• APP Control
• Technical Tip: How to enable deep inspection and import a certificate in the browser