I see some events in the firewall log that were caught by the non-standard port rule, and a lot of them will list the port requested in the standard url:port format. However, many of them appear to be requests for my homepage with no port listed, so I'm left wondering if these were not legitimate requests. Why would there be no port listed in the event log for the non-standard port firewall event?
I’d say someone is probing to enter either cPanel’s default port, or some other port different from the standard 80 and 443, like 8080, 8000, 2082, etc., even on other hostnames you have listed under the DNS tab as DNS records.
Using a WAF Firewall Rule, you can create one to block those probe requests to all ports except 80 and 443, for example.
If you’re interested, kindly see the article below for help and apply the Firewall Rule in your case to block those kinds of requests for your proxied hostname domain.
NOTE: You’d have to switch to expression builder and write that down into the input field and then save.
It’s assumed and understood for the default ones; we don’t write them in the URL address bar of our Web browser either, like cloudflare.com:443. It is even a challenge and difficult to remember them.
Port number is usually omitted if the web server uses the standard ports of the HTTP protocol (80 for HTTP and 443 for HTTPS) to grant access to its resources. The port is the indication of the protocol being used. Over different ports we can provide different services.
I don’t think you understood my question. I’m not confused about how ports work, or how different services work through ports, or why logs will omit the port for standard http or https requests.
I asked a very specific question about the built-in managed firewall rules: When using the default set of managed firewall rules, one of those rules is the “nonstandard port rule” that blocks any requests that come in on a port other than 80 or 443. When I see firewall activity that gets blocked by this specific rule, sometimes the Cloudflare log will tell me which non-standard port was requested, and sometimes it doesn’t. Why does it sometimes not list the non-standard port that was requested?
That was my question.
Wow! Then that’s new to me if that’s now available on a single click.
I remember I had to create a custom Firewall Rule 1-2 years back already.
I might have to dig for this a bit more.