WAF rule 100015 doesn't work

I went to WAF for both of my domains, set the rule to block, and after that I ran an nmap scan to verify:

nmap -p 1-9000 mydomain

And I can still see open ports:

80/tcp   open  http
443/tcp  open  https
2052/tcp open  clearvisn
2053/tcp open  knetd
2082/tcp open  infowave
2083/tcp open  radsec
2086/tcp open  gnunet
2087/tcp open  eli
2095/tcp open  nbx-ser
2096/tcp open  nbx-dir
8080/tcp open  http-proxy
8443/tcp open  https-alt
8880/tcp open  cddbp-alt

That’s the listener on the proxy server. That has to stay open, but I don’t expect it will pass through any requests. Have you tried something like http://example.com:8080?

I have no concerns about 8080 or 8433, but all the others, 2052, 2053, 2082, 2083, 2086, 2087, 2095, 2096, I need to close. Our customer security audit demands that we close them, and in the past the same option closed them; right now all of them have become open again.

The documentation on that rule states that it returns 403 for all requests on ports other than 80 and 443:

Once enabled, the additional Cloudflare ports are still open, but no data is sent to those ports as the WAF blocks the request with an HTTP 403 response.

Telling your auditor how you have mitigated the issue should be enough to resolve the issue.

2 Likes
