Network ports
Learn which network ports Cloudflare proxies by default and how to enable Cloudflare’s proxy for additional ports.
Network ports compatible with Cloudflare’s proxy
By default, Cloudflare proxies traffic destined for the HTTP/HTTPS ports listed below.
HTTP ports supported by Cloudflare
- 80
- 8080
- 8880
- 2052
- 2082
- 2086
- 2095
HTTPS ports supported by Cloudflare
- 443
- 2053
- 2083
- 2087
- 2096
- 8443
Caching is disabled for the following ports
- 2052
- 2053
- 2082
- 2083
- 2086
- 2087
- 2095
- 2096
- 8880
- 8443
How to enable Cloudflare’s proxy for additional ports
If traffic for your domain is destined for a different port than listed above, either:
- Add the subdomain as a gray-clouded record via your Cloudflare DNS app, or
- Enable Cloudflare Spectrum .
Block traffic on ports other than 80 and 443 in Cloudflare paid plans by doing one of the following:
- If you are using WAF managed rules, enable rule ID 100015: “Anomaly:Port - Non Standard Port (not 80 or 443)”.
- If you are using the new
Cloudflare Web Application Firewall (WAF)
, create a
custom rule
for this purpose (rule ID 100015 was deprecated in the new WAF). For example, you could use a rule configuration similar to the following:
- Expression:
not (cf.edge.server_port in {80 443}) - Action: Block
- Expression:
Ports 80 and 443 are the only ports compatible with:
- HTTP/HTTPS traffic within China data centers for domains that have the China Network enabled, and
- Proxying of Cloudflare Apps
- Cloudflare Caching