As described at https://developers.cloudflare.com/fundamentals/get-started/network-ports/, we cannot use ports for HTTP or HTTPS services other than the ports listed and compatible with the CF WAF.
I have the following architecture as an example:
- Spectrum app running on non-default ports:
  - spectrum.domain.com : 5555 / HTTP
  - spectrum.domain.com : 5553 / HTTPS
  - spectrum.domain.com : 5551 / TCP
In my DNS configuration, I created a CNAME from my domain pointing to my Spectrum, spectrum.domain.com. It's working OK, but it's not possible to enable the proxy over DNS in this case, because when I enable the proxy it will not allow non-compatible ports.
Does anyone know how it is possible to use Spectrum but at the same time protect Layer 7?
Another thing: how can we block all ports via the firewall and keep just the necessary ports? Without the proxy, Cloudflare keeps all ports open to the world. I tried https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/, but it had no effect in my configurations.