CloudFlare 80/443 Proxying - Not Other Ports

Hey all,

I hope you are all safe and well

I run quite a number of services that offer a web interface over HTTPS and other ports that are required for the services to work, eg 2022, 8081, 587,143 and so on…

I have enabled CloudFlare Proxying on these services and find that the web element of the service works great, however when Proxying is enabled it breaks these other services even though they don’t fall under CloudFlare free service ports

https://developers.cloudflare.com/fundamentals/get-started/network-ports

Is it possible to only proxy only 443 traffic - or have selective port proxying? I know this kind of defeats the purpose of proxying your server connection to hide your origin server IP, but I am looking to Geoblock which requires me to have Proxying on (correct me if I’m wrong) to add to my list of mitigations against attack (very shallow, I know - but it’s one mitigation of many)

Is it possible to add a firewall rule to disable proxying on certain ports?

What would be my best option be? Or would disabling proxying be the only option?

Thanks in advance!

That’s expected, as Cloudflare won’t pass through connections on those unlisted ports.

If you’ve set a hostname to :orange: Proxied, the IP addresses returned for that hostname only works on the listed ports. There’s no way around this for that hostname. You’d have to unproxy it, or run those services on other hostnames that aren’t proxied.

Hi there,

Thanks for the response - understood

Is this the same for Premium/Business also?

Thanks again

Alasdair

Yep. As I said, there’s no way around it. A :orange: Proxied hostname is pretty much a one-trick pony. With the exception of using Cloudflare Tunnel which is a true tunnel running on its own proxied port on that hostname.

There’s a Spectrum product, but that also requires a unique hostname per port so the assigned IP address(es) can be uniquely configured for that specific traffic.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.