Cloudflare Zero Trust Tunnels

Anyone else notice recently that Cloudflare Tunnel hostnames are now responding on ports that don’t belong to the service? :8080 redirects to http:// and despite having SSL forced to STRICT on the domain names HTTP traffic is let through without an issue direct and follows the same port mapping on the proxy target.

This just started happening a few days ago, as I noticed my Security Scorecard score tanked from A to D

1 Like

I’m having the same issue for http but not https targets