Can I use "not cf.edge.server_port in {80 443 22}" in a firewall rule on the free plan?

bluedogranch · January 18, 2023, 5:28pm

Hi, Can I use this in the WAF as a rule to block all traffic except in ports 80, 443 and 22?

http.host eq "example.com" and not cf.edge.server_port in {80 443 22}

Is this rule correct? Do I use URL Full for the field?

Will this work with the free Cloudflare plan?

Thanks

smarsh · January 18, 2023, 8:44pm

What are you trying to do? re: 22, we wont proxy traffic to port 22 unless you purchase Spectrum.

If you want to only allow traffic to 80 and 443 HTTP ports, then http.host eq "example.com" and not cf.edge.server_port in {80 443} works for me on my free plan zone.

bluedogranch · January 19, 2023, 5:41pm

Thanks! I understand that to proxy port 22 I need Spectrum.
To block all ports except 80 and 443: what about the “Field” in my rule? I’m using “URL full”. Is that correct? Or should it be “Hostname” or something else?

smarsh · January 20, 2023, 11:06am

Click on ‘edit expression’ and then copy and paste http.host eq "example.com" and not cf.edge.server_port in {80 443}
At the moment, your rule is saying ‘if the URL full equals ‘http.host eq…’’ which obviously it never will

bluedogranch · January 20, 2023, 2:35pm

Yes, I’m using http.host eq "example.com" and not cf.edge.server_port in {80 443}

Is the “URL full” Field correct? Should it be “Hostname?”
Is the Operator “equals” correct?
https://developers.cloudflare.com/firewall/recipes/require-specific-http-ports

system · February 4, 2023, 2:35pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.