Support
      Back to home
      1. SecureDynamics Knowledge Base
      2. Support

      Block WhatsApp Web in Zscaler Internet Access (ZIA)

      Block WhatsApp Web in Zscaler Internet Access (ZIA) using Cloud App Control or via SSL Inspection policy. Both approaches depend on Zscaler’s pre-defined Cloud Application “WhatsApp Web” under the Instant Messaging category

      Method A (Recommended): Block via Cloud Application Control

      This method uses Zscaler’s application signatures and works even if the hostname or IPs change.

      1. Navigate → Policy ▸ Cloud App Control Policy
      2. Click add rule and select the category: Instant Messaging
      3. Name the rule: Block – WhatsApp Web.
      4. Users/Groups/Locations: choose the segment you want to block (or Any for global).
      5. Select WhatsApp Web as the Cloud Application.
      6. Action: set to Block.
      7. (Optional) Schedule/Time Window: configure if you only want to block during work hours.
      8. Click Save.
      9. Activate changes. The policy is not live until activated.

      Expected user experience: The browser session to web.whatsapp.com (and related WhatsApp Web endpoints) is blocked and the Zscaler block page is shown.

      Figure 1: Whatsapp Web Policy Configuration to block access using Cloud App Control Policy

      Method B: Block via SSL Policy

      Use this if you manage restrictions primarily in SSL policy or want the control near other TLS rules.

      1. Navigate → Policy ▸ SSL Inspection 
      2. Click Add Rule.
      3. Name the rule: SSL Block – WhatsApp Web.
      4. Users/Groups/Locations: set scope as needed.
      5. Cloud App: select WhatsApp Web (Category: Instant Messaging).
      6. Action: Block.
      7. Click Save.
      8. Activate changes.

      Notes:

      • This controls access based on the app signature at the SSL policy layer. It is separate from decryption decisions. You do not need to decrypt WhatsApp to block it when using the Cloud Application.

      Figure 2: Whatsapp Web Policy Configuration to block access using SSL Inspection Policy

      Validation & Monitoring

      1. From a policy-targeted user, browse to https://web.whatsapp.com.
        • You should see the Zscaler block page(As below screenshot)
      2. In ZIA, go to Analytics ▸ Web Insights
        • Filter by Cloud App = WhatsApp Web, Action = Blocked.
        • Confirm hits appear from expected users/locations.

      Figure 3: Whatsapp Web page block

       

      Figure 4: Whatsapp Web logs