Can I use "not cf.edge.server_port in {80 443 22}" in a firewall rule on the free plan?

Hi, can I use this in the WAF as a rule to block all traffic except on ports 80, 443 and 22?

http.host eq "example.com" and not cf.edge.server_port in {80 443 22}

Is this rule correct? Do I use URL Full for the field?

Will this work with the free Cloudflare plan?

Thanks

What are you trying to do? Re: 22, we won't proxy traffic to port 22 unless you purchase Spectrum.

If you want to only allow traffic to 80 and 443 HTTP ports, then http.host eq "example.com" and not cf.edge.server_port in {80 443} works for me on my free plan zone.


Thanks! I understand that to proxy port 22 I need Spectrum.
To block all ports except 80 and 443: what about the “Field” in my rule? I’m using “URL full”. Is that correct? Or should it be “Hostname” or something else?

Click on ‘edit expression’ and then copy and paste http.host eq "example.com" and not cf.edge.server_port in {80 443}
At the moment, your rule is saying ‘if the URL full equals ‘http.host eq…’’ which obviously it never will 🙂


Yes, I’m using http.host eq "example.com" and not cf.edge.server_port in {80 443}

Is the “URL full” Field correct? Should it be “Hostname?”
Is the Operator “equals” correct?
https://developers.cloudflare.com/firewall/recipes/require-specific-http-ports
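
Added example, not part of any post in this thread: a simplified Python model of the two rules discussed above, showing why pasting the expression into the builder's Value box (Field "URL Full", Operator "equals") matches nothing, while the same text in "Edit expression" blocks the other proxied HTTP ports such as 8080 and 8443. The evaluator functions and sample requests are constructed for illustration; only the field names (`http.host`, `cf.edge.server_port`, `http.request.full_uri`) are Cloudflare's.

```python
# Simplified model of rule evaluation; not Cloudflare's engine.
EXPRESSION_TEXT = 'http.host eq "example.com" and not cf.edge.server_port in {80 443}'
ALLOWED_PORTS = {80, 443}


def builder_rule(req):
    """Field 'URL Full', Operator 'equals', Value = the expression text.

    The builder compares the request's full URI to the pasted string,
    so it is a plain string equality that no real URL can satisfy.
    """
    return req["http.request.full_uri"] == EXPRESSION_TEXT


def expression_rule(req):
    """The same text entered through 'Edit expression'."""
    return (req["http.host"] == "example.com"
            and req["cf.edge.server_port"] not in ALLOWED_PORTS)


def make_request(host, port, path="/"):
    """Build a constructed request record with the three fields used above."""
    scheme = "https" if port in (443, 8443) else "http"
    default_port = 443 if scheme == "https" else 80
    authority = host if port == default_port else f"{host}:{port}"
    return {
        "http.host": host,
        "cf.edge.server_port": port,
        "http.request.full_uri": f"{scheme}://{authority}{path}",
    }


# Constructed sample traffic: standard ports plus two non-standard proxied ports.
SAMPLE_REQUESTS = [
    make_request("example.com", 443),
    make_request("example.com", 80),
    make_request("example.com", 8080),
    make_request("example.com", 8443, "/admin"),
    make_request("other.example.net", 8080),  # different host, rule does not apply
]


def blocked(rule):
    """Return (host, port) for every sample request the rule would block."""
    return [(r["http.host"], r["cf.edge.server_port"])
            for r in SAMPLE_REQUESTS if rule(r)]


if __name__ == "__main__":
    print("builder rule blocks:   ", blocked(builder_rule))
    print("expression rule blocks:", blocked(expression_rule))
```
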
