How to block ports with Cloudflare

If you use Cloudflare as a reverse proxy in front of your backend web server, you may want Cloudflare to block certain ports from reaching that server. By default, Cloudflare passes along more ports than just 80 and 443, because it has expanded its list of supported ports, which basically means "ports it can pass traffic through". Below are the ports it supports:

HTTP Requests:

80
8080
8880
2052
2082
2086
2095

HTTPS requests:

443
2053
2083
2087
2096
8443

The problem with the way their proxy works is that there is no way for you to select which ports you want them to pass on to you. Unfortunately, there appears to be no way to do this on the free plan, as you have very few options under their security panel.

However, if you are on at least a Pro plan, there is a way to block ports other than 80 and 443 coming to you from Cloudflare.

WAF Rule

The WAF ruleset is found under the Security page, then WAF. There you will see an option for Cloudflare Rule Set.

When you select that option, you will have roughly 4 pages of rules. All the way at the end, there is the rule "Block requests on non standard ports". The rule language is a little non-intuitive: you need to set the Mode to Block, which sets the rule to active. In my testing, this blocks everything besides 80 and 443. Even WHM and cPanel ports look to be blocked with this rule.



This is especially useful if you use Cloudflare and want to restrict these other ports at the cloud level instead of dealing with it at the server level. The difficulty with restricting at the server level is that Cloudflare works as a reverse proxy, so all traffic appears to come to you from Cloudflare IPs, which makes it tricky, to say the least, to differentiate legitimate from illegitimate traffic.
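
To confirm the rule is doing what you expect, you can request each of the ports listed above on your own proxied hostname and check what comes back. The script below is an added example, not part of the original article or any Cloudflare tooling. It assumes that a WAF block is returned as HTTP 403 and that your site does not itself answer `/` with a 403; the function names are illustrative.

```python
import http.client
import sys
import urllib.error
import urllib.request

# Ports Cloudflare proxies, as listed in this article.
HTTP_PORTS = [80, 8080, 8880, 2052, 2082, 2086, 2095]
HTTPS_PORTS = [443, 2053, 2083, 2087, 2096, 8443]
STANDARD = {80, 443}
BLOCK_STATUS = 403  # assumption: a WAF block is returned as HTTP 403


def probe(host, port, scheme, timeout=5):
    """Return the HTTP status for scheme://host:port/, or None if no response."""
    try:
        with urllib.request.urlopen(f"{scheme}://{host}:{port}/", timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a status
        return err.code
    except (OSError, http.client.HTTPException):  # refused, timeout, TLS error
        return None


def audit(host, prober=probe):
    """Map each non-standard port to 'blocked', 'no-response' or 'passed'."""
    results = {}
    for scheme, ports in (("http", HTTP_PORTS), ("https", HTTPS_PORTS)):
        for port in ports:
            if port in STANDARD:
                continue
            status = prober(host, port, scheme)
            if status == BLOCK_STATUS:
                results[port] = "blocked"
            elif status is None:
                results[port] = "no-response"
            else:
                results[port] = "passed"  # request got past the edge rule
    return results


def still_open(results):
    """Ports whose requests were answered instead of blocked."""
    return sorted(p for p, verdict in results.items() if verdict == "passed")


if __name__ == "__main__":
    report = audit(sys.argv[1])  # hostname of your own proxied site
    for port, verdict in sorted(report.items()):
        print(f"{port:5d}  {verdict}")
    sys.exit(1 if still_open(report) else 0)
```

Run it with your hostname as the only argument, once before and once after setting the rule to Block; a non-zero exit code means at least one non-standard port still returned something other than a block.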

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.
