Spectrum application - Non compatible HTTP/S TCP ports

As described at https://developers.cloudflare.com/fundamentals/get-started/network-ports/, we cannot use ports for HTTP or HTTPS services other than the ports listed there as compatible with the CF WAF.

I have the following architecture as an example:

In my DNS configuration, I created a CNAME from my domain pointing to my Spectrum app spectrum.domain.com. It's working OK, but it's not possible to enable proxy over DNS in this case, because when I enable the proxy it will not allow non-compatible ports.

Does anyone know how it is possible to use Spectrum but at the same time protect Layer 7?

Another thing: how can we block all ports via the firewall and keep just the necessary ports? Without the proxy, Cloudflare keeps all ports open to the world. I tried https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/ but it had no effect in my configurations.

Are you part of the enterprise program?

Yes, @jnperamo.

For this one, you should be able to simply set the edge port to 5555 and then set your origin like any normal Spectrum application.

For this one, you should enable Edge TLS termination and pick the best TLS mode that suits your app.

This is something you might want to check with your account manager.

Sure, I got it.

I forgot to describe one detail: I need to use domain.com and not spectrum-app.domain.com. That is why I mentioned that I’ve created a DNS record pointing from domain.com to my spectrum-app.domain.com.

If you know of some CF documentation that is clear about that, please send it to me.

The subdomain that comes from Spectrum is optional.

Yes, but only if I don’t remove the main domain (domain.com) from my records; otherwise it will be declared as duplicated. It works with a new subdomain, which is good.

Regarding TCP redirects, is there any chance to use them to make a redirect?

To this domain and port for example: