Network ports
Learn which network ports Cloudflare proxies by default and how to enable Cloudflare’s proxy for additional ports.
Network ports compatible with Cloudflare’s proxy
By default, Cloudflare proxies traffic destined for the HTTP/HTTPS ports listed below.HTTP ports supported by Cloudflare
HTTPS ports supported by Cloudflare
Caching is disabled for the following ports
How to enable Cloudflare’s proxy for additional ports
If traffic for your domain is destined for a different port than listed above, either:
- Add the subdomain as a gray-clouded record via your Cloudflare DNS app, or
- Enable Cloudflare Spectrum .
Block traffic on ports other than 80 and 443 in Cloudflare paid plans by doing one of the following:
- If you are using Cloudflare Firewall, enable rule ID 100015: “Anomaly:Port - Non Standard Port (not 80 or 443)”.
- If you are using the new Cloudflare Web Application Firewall (WAF)
, create a Custom Firewall rule for this purpose (rule ID 100015 was deprecated in the new WAF). For example, you could use a rule configuration similar to the following:
- Expression:
not (cf.edge.server_port in {80 443}) - Action: Block
- Expression:
Ports 80 and 443 are the only ports compatible with:
- HTTP/HTTPS traffic within China data centers for domains that have the China Network enabled, and
- Proxying of Cloudflare Apps
- Cloudflare Caching