Close port 8443 on sslXXXXXX.cloudflaressl.com

We are being rated by an external auditor. Our rating is going down because old TLS versions are being supported. We do accept these old versions on port 443, but we are now downrated even more because there are several ports active with it on CloudFlare’s side, which we do not use.
How can we close port 8443 on sslXXXXXX.cloudflaressl.com (where the number XXXXXX in the name is actually changing)?

You can’t close these ports as these are shared instances. However, I’d assume your minimum SSL version should apply to all ports.

Which domain is it?

The domain is secure.circlelytics.com, we have no obsolete ports open there.
The security scanner is not accepting the ports that are open on your subdomains. If this can’t be changed, then we will have to discuss with the auditing party if we have to switch suppliers for this.

The domain is on Cloudflare but neither the hostname mentioned by you nor the standard names are proxied but they all point directly to your server. Did you disable proxying because of port 8443?

Furthermore, there isn’t anything running on “secure”. It doesn’t respond on 443 either.

You can enable a WAF rule to block all requests on ports other than 80/443 but you can’t restrict Cloudflare’s listening on that port.

The WAF rule is “Cloudflare 100015 Block requests to all ports except 80 and 443”. If you provide information to the auditor that you have that particular rule enabled it should serve to satisfy the flagged item.

Thanks! I found the rule in the WAF and set it to block.
The auditor has been informed.