(pre sales question) proxied (sub)Domain + WAF

Have you searched for an answer?
yes but need clarification before I order

My plan (please tell me if I got this right):

  1. buy the “Pro” plan to get access to WAF
  2. order a domain on Cloudflare
  3. use the Cloudflare API for my dynamic WAN IP address setup (server hosted at home)
  4. create 2 subdomains on Cloudflare: wg.mydomain.com & home.mydomain.com
  5. use domain profiles to forward traffic: my domain → home server (proxied)
  6. use WAF to block all traffic on the top-level domain (I don’t want anything hitting mydomain.com to reach my home server)
  7. use WAF to only allow port 51820 on wg.mydomain.com and block all other ports
  8. use WAF to only allow port 80 and 443 on home.mydomain.com and block all other ports

My assumption (please tell me if this is correct):

  • ALL (inbound) traffic goes through these “proxied” connections - when you connect to i.e. wg.mydomain.com you don’t see my home WAN IP address.
  • Ports that I block in WAF are not able to connect to my (sub).domain
  • wg. and home.mydomain.com benefit from cloudflared DDoS protection

Thank you so much! :slight_smile:

That’s not going to work.

https://developers.cloudflare.com/fundamentals/get-started/reference/network-ports/

Thank you!
I read a forum thread where someone claimed to have used the Cloudflare firewall for that purpose - your link seems to make clear that this is not possible.

Thanks again! :slight_smile:
