In a previous post I wrote that I live in a part of the world that does not provide unlimited internet.
This means data is valuable, and if I run out of data, I have to pay a premium amount to activate a data add-on which can be quite expensive. There is one router at our apartment, and we all share the data among ourselves, and we hope that we are all using in a fair manner without over spending on streaming, or downloads, in an unfair way.
The easiest way for anyone to do is use the nighttime data for their streaming and downloads, and leave to peak day time data for office and other important work. (Yes if you are reading this from USA, we have peak and off peak time data for home broadband)
A detailed usage report provided by my ISP suggested to me that there is a WhatsApp addict in my apartment, who is spending large amount of data for WhatsApp video calls.
Since I’m the person who is paying the internet bill, and I need data for more important work than making WhatsApp video calls, I wanted a way to stop people from spending my data in unnecessarily ways, and use their own mobile data if they have to make WhatsApp or any other video calls.
Since I can’t go and ask from each and every individual whether they are spending too much time on WhatsApp video calls, I decided to block all WhatsApp communications at the router level.
Initially I thought this would be a walk in the park, just log in to my router dashboard, and block the WhatsApp URL, IP addresses and ports. Just a two minute job.
But this lead me to rabbit hole that too more than several hours, and made me yield without finding a solution.
A search on Google shows that people have been asking for a way to block WhatsApp, going back to several years.
The first approach which I found in a StackOverflow answer was to block the domain c.whatsapp.net according to the answer, this is the domain which handshakes at initiation of the app. And according to the poster, if we can block this domain, we would be able to block initiation a connection to WhatsApp server, and therefore successfully block WhatsApp.
I flagged the domain and tested, but to it did not prove to successfully block WhatsApp.
So I decided to search even further, another answer also posted on StackOverflow told me to block some ports, with TCP and UDP connections. These included TCP ports 5222, 5223, 5228 and 3478.
I painstakingly blocked all upstream and downstream TCP and UDP connections from my router, hoping it would block WhatsApp. But that did not also proved to be effective.
Trying to find an IP addresses
There has to be a way to block WhatsApp right? So why can’t I find an IP address or list of IP addresses, that I can block from my router, and finally block WhatsApp for good?
There was one IP address range that I found in the same SO answer, 22.214.171.124/18.
So I decided to block the IP addresses, and tested to see if it works, but unfortunately that also did not seem to work.
So I did further digging, and came to the GitHub post, which showed a comprehensive list of domains and IP addresses, that according to the poster, should be able to successfully block WhatsApp, or most of the connections to WhatsApp.
There it seems WhatsApp has multiple domains from c.whatsapp.net to c20.whatsapp.com and e.whatsapp.net to e20.whatsapp.com.
Also multiple IP ranges, and ports, but even though I tried all of them, none seemed to work. Why can’t I block a simple app from accessing though my router?
I guess they may have changed their domains, or added more domains and IP addresses by now, since WhatsApp has grown in popularity since most of these answers were posted on different forums.
WhatsApp will tell you their IPs, only if you pay
It seems like WhatsApp shares there IP addresses only to network operators and if you pay them to do it.
WhatsApp is currently providing special pricing campaign service for Mobile operators, the IP pool is only available for those operators. Please note that we have migrated the latest IP pools of WhatsApp to Facebook Mobile Partner Portal and the IP pool update process has been fully automated.https://www.whatsapp.com/cidr.txt
So there is no way for me to know what are the IP addresses and ports that I should block in order to prevent WhatsApp from using my network, without randomly blocking ports and IPs and breaking my access to internet.
It seems almost all the posts I found on the internet, the people who originally asked the question also did not find a clear way to block WhatsApp. So I guess it’s not just me.
So how would you block WhatsApp if you faced with a similar situation? If you want your employees to stop using WhatsApp or other IM service during their working hours?
I’m left with no other option but to change my router password, so no one else can access internet via my router and my internet connection.