How to use the non-standard ports compatible with Cloudflare

Cloudflare says in their article
200169156-Identifying-network-ports-compatible-with-Cloudflare-s-proxy

By default, Cloudflare proxies traffic destined for the HTTP/HTTPS ports listed below.

HTTP ports supported by Cloudflare:

  • 80
  • 8080
  • 8880
  • 2052
  • 2082
  • 2086
  • 2095

but at the bottom of this page Cloudflare also says this:
Cloudflare Access does not support port numbers in URLs. Port numbers are stripped from requests for URLs protected through Cloudflare Access.

I have tested with http://domain.com:8080 and indeed cloudflare removes the 8080 and sends the traffic to domain.com on port 80

So i dont get it, but how do I use one of these other ports? aside from 80 for http or 443 for https (obviously)

Unfortunately, you can’t with Access.

Would Portzilla be an option? As long as something else isn’t already running on Port 80 for that domain, I’d expect this to work.

1 Like

Those are HTTP ports not HTTPS, Cloudflare doesn’t support any HTTP ports with Access. If any actually work it’s not a feature and generally a colossally bad idea.

  • Does the application behind Access need to use HTTPS? Yes. Cloudflare Access only secures applications that use HTTPS.
  • Can Access enforce rules on a specific, nonstandard, port? No. Cloudflare Access cannot enforce a rule that would contain a port appended to the URL.However, you can use Cloudflare Argo Tunnel to point traffic to nonstandard ports. For example, if Jira is available at port 8443 on your origin, you can proxy traffic to that port via with Argo Tunnel.
4 Likes

Did Access actually show up on Port 80 for this request?

ok, I just used half the help article as an example, its exactly the same question with the HTTPS ports mentioned, so my question is the same, how do we use any of these ports except for 443?

You can use Argo tunnel to map to a port on the origin server that isn’t 443, but through Cloudflare itself that’s not supported today.

3 Likes

Thanks cscharff. I do understand that Argo can be used to redirect to the unsupported ports.

My question is about how to use the supported ports as detailed on this page.
200169156-Identifying-network-ports-compatible-with-Cloudflare-s-proxy

Surely there is a reason for Cloudfare to tell us that these ports are supported?

Because only them are in the standard offering. If you want more there is Spectrum, which is an Enterprise product.

The non standard ports are for cPanel/WHM and similar tools, and are not intended to be used for anything else.

1 Like

Cloudflare doesn’t remove the :8080 to then send the traffic to port 80. I believe your testing was incorrect or you’ve configured a page rule or other setting to change the behavior.

1 Like

Are you saying that Access will maintain “non-standard” ports as it passes a user through authentication?

No the OP said he wants to use non-standard but supported posts and the Access bit he quoted wasn’t part of the use case.

1 Like