How can I allow only 80 and 443 ports and block all other incoming ports?

dash-dns
#1

Hello,

How can I allow only ports 80 and 443 and block all other incoming ports?

I did not find such a possibility, or did I miss something?

Many thanks in advance!

#2

You will need a paid plan for that. Alternatively you could try to play with firewall rules and check if you can come up with a rule.

#3

Do you know what this option is called? It should also be found in the control panel with the free plan, but I cannot find anything applicable.

I did not find anything in firewall rules for it.

This is really a security joke. With shared hosting there are ports for the control center, etc. So you can bypass Cloudflare via URLs with a port number and you will be redirected to your hosting server. Bingo!

Apart from this, I would not like to allow port scans on my server.

So Cloudflare urgently has to think about this option.

#4

Cloudflare can't protect shared hosts unless the hosting company is a CF partner or at least that host has only Cloudflare-protected domains on it. It's also easy to gather information about websites running behind the same IP address, use DNS history and so on.

Furthermore, many hosting companies provide their own URLs like vserv123.hostingcompany.com. Another way to bypass and reveal the origin IP.

Furthermore, Cloudflare only works with a few ports:

As long as an application is using one of these ports, they can access your Control Center but would not see your real IP address. Attempts to reach any port other than the above will fail when your domain is used to access the server.

You can use Firewall Rules to lock down access to a subdomain like cpanel.yourdomain.com to your IP address, AS number or country, for example. But not to certain ports.

Cloudflare staff, their families, pets, etc. are hungry and they need money to fill their fridges. CF is giving away a lot for free.

Also Cloudflare services are only one part of the chain. The Origin needs to be secured as well.

1 Like
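The remark above that the origin needs to be secured as well can be illustrated with a host firewall on the origin that accepts 80 and 443 only from the proxy's address ranges and drops everything else. This is an added example, not part of the thread: it assumes root access and nftables on the origin (so it does not apply to shared hosting), and `PROXY_RANGES` and `ADMIN_IP` are constructed placeholder values to be replaced with the proxy provider's published ranges and your own admin address.

```shell
#!/bin/sh
# Added example: emit an nftables ruleset for the origin server.
# PROXY_RANGES / ADMIN_IP are constructed placeholders (documentation ranges).
PROXY_RANGES="192.0.2.0/24 198.51.100.0/24"
ADMIN_IP="203.0.113.10"

# valid_cidr4 ADDR: succeed only for a dotted-quad IPv4 with optional /0-32.
valid_cidr4() {
    addr=${1%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# build_origin_ruleset: print the ruleset, or fail if any range is malformed.
# Note: policy drop on the inet table also drops all inbound IPv6 here.
build_origin_ruleset() {
    elements=""
    for range in $PROXY_RANGES; do
        valid_cidr4 "$range" || { echo "bad range: $range" >&2; return 1; }
        elements="${elements:+$elements, }$range"
    done
    [ -n "$elements" ] || { echo "no proxy ranges given" >&2; return 1; }
    valid_cidr4 "$ADMIN_IP" || { echo "bad admin IP" >&2; return 1; }
    cat <<EOF
table inet origin_filter {
  set proxy_v4 {
    type ipv4_addr
    flags interval
    elements = { $elements }
  }
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iif "lo" accept
    ip saddr @proxy_v4 tcp dport { 80, 443 } accept
    ip saddr $ADMIN_IP tcp dport 22 accept
  }
}
EOF
}
build_origin_ruleset
```

Pipe the output to `nft -c -f -` to syntax-check it before loading; the SSH rule for `ADMIN_IP` is there so that the drop policy does not lock you out.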
#5

WAF, and it is not on the free plan.

I am not quite sure what you are trying to say. If your server reveals its IP address it is a data “leak” on your server side and not an issue with Cloudflare’s security concept.

2 Likes
closed #6

This topic was automatically closed after 14 days. New replies are no longer allowed.