Qualys Vulnerability Scan

Hi, I just started managing a domain that is protected by Cloudflare. A vulnerability scan was run from Qualys to our domain.

The vulnerability scanner ran port scans on the Cloudflare IP for our site. When connecting to ports 8080, 8443 and 2553 by IP they got an HTTP error page, the same request to those ports by hostname fails. I know the requests are not going beyond Cloudflare but there is a concern that since the vulnerability reports those ports as “open” it might cause an audit issue.

Is there a way to just drop requests to those ports?

If you have a WAF rule in place to drop traffic not on port 80/443 you can simply provide that to the auditor as a mitigation.
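
One way to collect that evidence for the auditor, as an added example (not code from this thread or from Cloudflare): it requests your own site by hostname on each port the scan flagged and records whether the reply is the WAF's block response. Assumptions: the rule's block action answers with HTTP 403, port 8443 speaks HTTPS while the other non-standard ports speak plain HTTP, and the hostname is passed on the command line.

```python
import http.client
import ssl
import sys

ALLOWED_PORTS = {80, 443}       # ports the WAF rule leaves reachable
TLS_PORTS = {443, 8443}         # assumption: HTTPS here, plain HTTP on the other ports
FLAGGED_PORTS = [8080, 8443, 2553]  # ports named in the scan finding above


def probe(host, port, timeout=5.0):
    """GET / on host:port by hostname; return the HTTP status, or None if no HTTP answer."""
    if port in TLS_PORTS:
        conn = http.client.HTTPSConnection(
            host, port, timeout=timeout, context=ssl.create_default_context())
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"User-Agent": "waf-port-check"})
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None  # refused, timed out, TLS failure or non-HTTP reply
    finally:
        conn.close()


def classify(port, status):
    """Turn one probe result into the verdict an auditor needs."""
    if status is None:
        return "no-http-response"
    if port in ALLOWED_PORTS:
        return "allowed"
    # Assumption: the WAF block action answers with HTTP 403.
    return "blocked-by-waf" if status == 403 else "REACHABLE"


def report(host, ports):
    """Probe every port and return (port, status, verdict) rows."""
    rows = []
    for port in ports:
        status = probe(host, port)
        rows.append((port, status, classify(port, status)))
    return rows


if __name__ == "__main__":
    target = sys.argv[1]  # your own hostname behind Cloudflare
    for port, status, verdict in report(target, sorted(ALLOWED_PORTS) + FLAGGED_PORTS):
        print(f"{target}:{port}\tstatus={status}\tverdict={verdict}")
```

Any row marked `REACHABLE` means a request on a non-standard port got past the rule and should be looked at before the output goes to the auditor.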

