This article describes how to deny uploading images, documents, or videos in WhatsApp web conversations by using the application control signature.

FortiGate.

To control web WhatsApp upload traffic would require enabling SSL deep inspection + application control profile in the firewall policy.

1. Go to Security Profiles -> Application Control, select 'Profile Name', and select 'Edit'.
   
   
2. Inside the profile, go to Application and Filter Overrides, and select 'Create New'.
   
   
3. Go to Action Block and search for the application signature: WhatsApp_Web_File.Upload, right mouse button, and + Add Selected. 

An alternative way is by adding both signatures, WhatsApp_Web_File.Upload and WhatsApp_Web_File.Download.

This will block any file that a user wants to download using the same application control profile.

4. Enable the 'QUIC' protocol option with an action block.
                       

   

    

Use the application control profile in the firewall policy with SSL deep inspection .

Note: Use firewall policy inspection-mode in the proxy.

Load on end-devices the certificate used on the SSL/SSH profile to avoid SSL warnings.

5. Test the file transfer with a desired file or photo.

The photo was successfully blocked. The exclamation mark at the right indicates that the image could not be transferred. 

Previously, uploaded files are stored in the chat history/cache, so attempts to send the same file will not be treated as an upload. The configured signature blocks all new upload attempts.

Note: The EXE file does not upload/download for WhatsApp as WhatsApp uses QUIC, which might not be inspected by SSL deep inspection for versions 7.4.1 and below. As a workaround, disable QUIC in the browser to force it to use HTTPS.

Important: Without SSL deep inspection, FortiGate will not be able to identify the WhatsApp Web file upload signature as the traffic is encrypted. 

Related documents:

• APP Control
• Technical Tip: How to enable deep inspection and import a certificate in the browser