Might depend, however I’d give it a try with, e.g. if you’re using other parts of your domain on the specific port, however since your rule matches all sub-domains, you could block the traffic on all ports except 443 on hostname which contains example.com (would match any subdomain as well):
(http.host contains "example.com" and not cf.edge.server_port in {443})
With the action block as follows:
Following the Traffic sequence, since WAF rules executes before Workers, therefrom anyone trying to visit example.com:2083/something or sub.example.com:2083/something would be presented with the default Cloudflare WAF block page.
Nevertheless, only traffic on 443 (HTTPS default) port would be ok.
Keep in mind, using above expression, any other port as well as 2096 or other compatible network ports from the list would also be blocked:
Except, if you could bind the a Worker to accept and be working only on 443 within the code?