Possible to retrieve client port?

Is there a way to also retrieve the client port in addition to the IP address for a proxied HTTP3/QUIC request? Goal is to hide a P2P matchmaker, which must accept requests of some UDP-based protocol (which QUIC happens to be!) and reveal the public IP/port of connecting clients, behind Cloudflare.

Cloudflare generally only handles HTTP. Now, HTTP 3 has been moved to UDP but that still only happens on the first-leg and furthermore does not mean arbitrary UDP packets are accepted.

It doesn’t need to accept arbitrary UDP packets, with QUIC being UDP-based it would work just fine to receive an actual QUIC request. But there doesn’t seem to be any way to get the clients port that was used to connect to Cloudflare…

So you essentially want to get passed the client port of the first-leg connection in an HTTP header to the origin?

As far as I know that is currently not possible. Presumably not even with a worker, though you could look into that of course.

Basically yeah, much like we have access to the IP. A crucial step of establishing a P2P connection is to discover the public IP/port combo the clients NAT has assigned to outgoing UDP sessions, which is what this would be doing. But of course that doesn’t work if Cloudflare eats the port.

Will look into the worker thing, but maybe it’s just not possible to run this behind Cloudflare…

Most likely. You could also contact sales, on an Enterprise plan such a custom requirement might be doable.