WAF DNS Proxy

Wondering if the DNS entry needs to be proxied for WAF to be working properly? If so, how can I enable proxy for my ScreenConnect, which is using ports 8040 and 8041 in addition to http(s)?

Yes, DNS does need to be proxied in order for Cloudflare WAF to work, as otherwise the requests don't get routed through Cloudflare. If those ports are using HTTPS then you can use Origin Rules (Cloudflare Rules docs) to change the destination port. If not, then you would want to look at something like tunnels to use Cloudflare to access those services.

Hi, did you figure out how to set up origin rules to allow DNS proxy to be enabled and WAF to work for SC?

It will not work with clients that attempt to connect to TCP 8041. That is not a default port that Cloudflare listens on.

Okay, I see. Then does anyone know if there is a way to only proxy 80/443 or to exclude some ports for a certain A record?

You cannot control the ports that the Cloudflare proxy listens on. You can control whether a hostname routes traffic to the Cloudflare proxy (orange cloud) or directly to your origin server (grey cloud). You can also control whether your origin host listens on any one of the proxied ports, since they map 1:1.
