How to stop forwarding cpanel ports?

#1

We have some sites hosted on CF that we prefer if potential attackers dont find the server IP of the origin.

However, I noticed that if you open mydomain.com:2087 or mydomain.com:2083 etc, they reach out to the origin.

We are on a free cloudflare plan.
How do we avoid/secure these ports? - we simply want only two things reachable 80 and 443.

#2

If you are on a paid plan you can do that with a WAF rule -> https://support.cloudflare.com/hc/en-us/articles/200169156-Which-ports-will-Cloudflare-work-with-

Otherwise you could play around with firewall rules and http.host. Checking against that field might possibly get you somewhere.