Blocking WhatsApp

Sparky5 · September 27, 2023, 12:46pm

Balance 20X, v8.3, 1 FTTH WAN, 7 WiFi VLANS- no inter-VLAN routing

Looking for guidance on the subject of blocking Whatsapp application from residential LAN.
My wife is addicted to WhatsApp. I view this application as dangerous but I don’t understand how it might be be fully blocked first, or allowed on selected VLAN’s only?

Interesting fact: in the router configuration “Customized Domains”, you can add WhatsApp.com. At this point WhatsApp still works normally except for receiving photos or videos. Obviously this means that data comes from multiple dynamic WhatsApp server addresses.

Questions for study on my part:

With network security in mind is it advisable to block WhatsApp and let the users set up proxy for access?
How to effectively block this application and prevent ugly things from happening to the LAN?
Can specific computers on the LAN be denied or allowed access to WhatsApp?

Thanks for any guidance on this issue!
Sparky5

Captain_Nik · September 27, 2023, 9:56pm

Hi there!

We’ve done this before using domains and IPs as per below,
web.whatsapp.com
mmx-ds.cdn.whatsapp.net
I recommend that you block all the sub-domains or setup a wildcard before the domain name to capture all (.web.whatsapp.com, .whatsapp.net)

We did also include these IPs:
157.240.220.60 (Facebook)
157.240.206.60 (Facebook)
31.13.93.53 (Meta)

Be aware this may block some Facebook stuff too.

Cheers