I’m hosting my website myself and using Cloudflare simply for DNS. However, I would like Cloudflare to forward any HTTP requests that come in on port 80 to my IP address on a different port (for example port 1234). I know DNS does not do this but a firewall does. Rather than Cloudflare just responding to a DNS query, I would like it to also port-forward.
This would mean my website is more secure from a casual port scan, as port 80 on my firewall would be closed and only a secret random high-numbered port would be open. Is there a simple way of doing this? A basic port-forwarding rule is all I’m after.
A firewall can do this, but that would still be something you’d need to configure locally and not on Cloudflare.
Cloudflare itself does not support that. What you could do is use Portzilla, though that is essentially paid. Another option would be a custom Worker script, though if you exceed the free limit that will be paid as well.
Thanks for the reply sandro,
I’m just doing what I can to tighten up security on my own-hosted web server. Closing down all ports to the outside world apart from a random ‘high’ port would secure me from the many casual port scans that my UniFi security gateway alerts me to.
I’ve set up a couple of rules in the Cloudflare firewall to block spurious website login attempts. I was just looking into being able to close port 80 completely. I’m not really too familiar with SSL yet, so just looking at my options.
While I understand where you are coming from, I’d really advise against moving a public service to another port just to avoid port scanners. That is just making things more difficult and error-prone.
My two cents: configure your web server on port 443, make sure it has a valid certificate, point Cloudflare to that IP address, make sure your firewall only accepts connections from Cloudflare, and you should be good to go.
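One way to build the "only accept connections from Cloudflare" rule suggested above, as an added example that is not part of the original thread. It assumes a Linux origin using nftables; the function names, the table name `origin_allowlist` and the sample ranges are made up for illustration, and the real ranges must come from the list Cloudflare publishes.

```python
import ipaddress

# Constructed sample input (RFC 5737 / RFC 3849 documentation prefixes),
# NOT Cloudflare's real ranges. Substitute the list Cloudflare publishes.
SAMPLE_RANGES = """
198.51.100.0/24
203.0.113.0/24
# comment lines and blanks are ignored
2001:db8::/32
"""

def parse_ranges(text, min_v4_prefix=8, min_v6_prefix=16):
    """Parse one CIDR per line; reject malformed or suspiciously broad entries."""
    nets = {4: [], 6: []}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        # strict=True raises ValueError on garbage or on host bits being set
        net = ipaddress.ip_network(line, strict=True)
        floor = min_v4_prefix if net.version == 4 else min_v6_prefix
        if net.prefixlen < floor:
            # e.g. 0.0.0.0/0 in a bad list would open the origin to everyone
            raise ValueError(f"range too broad for an allowlist: {net}")
        nets[net.version].append(net)
    return (list(ipaddress.collapse_addresses(nets[4])),
            list(ipaddress.collapse_addresses(nets[6])))

def is_allowed(source_ip, v4, v6):
    """True if source_ip falls inside one of the allowlisted networks."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in net for net in (v4 if ip.version == 4 else v6))

def render_nftables(v4, v6, port=443):
    """Emit nftables rules that restrict only `port`; other traffic is untouched."""
    rules = []
    if v4:
        rules.append(f"ip saddr {{ {', '.join(map(str, v4))} }} tcp dport {port} accept")
    if v6:
        rules.append(f"ip6 saddr {{ {', '.join(map(str, v6))} }} tcp dport {port} accept")
    rules.append(f"tcp dport {port} drop")  # anything not from the allowlist
    body = "\n".join("    " + r for r in rules)
    return ("table inet origin_allowlist {\n  chain input {\n"
            "    type filter hook input priority 0; policy accept;\n"
            f"{body}\n  }}\n}}")

if __name__ == "__main__":
    v4, v6 = parse_ranges(SAMPLE_RANGES)
    print(render_nftables(v4, v6))
```

The printed ruleset can be reviewed and loaded with `nft -f`; regenerate it whenever the published ranges change, otherwise legitimate proxy traffic will start being dropped.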