Cloudflare is “just” a proxy so I suspect that the IPs you’re seeing are those of the Cloudflare Proxy and if you looked into the actual requests you’d find that they’re being forwarded for some third party (see Restoring original visitor IPs | Cloudflare Support docs).
To put that in slightly more technical terms, the IPs in your logs are misinforming you as they’re at the wrong layer in the OSI network hierarchy, probably 4 vs 7.
If you’re not using port 8443 then the simple solution is to create a WAF Custom rule to block any unnecessary ports, e.g. the below only allows ports 80 & 443 (HTTP & HTTPS):
not (cf.edge.server_port in {80 443})
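Added example, not part of the original post and not Cloudflare's code: a log-triage sketch that resolves the visitor address from the `CF-Connecting-IP` header only when the TCP peer is a Cloudflare address, then counts visitors seen on ports outside the rule's {80 443} set. The record layout, the function names and the abbreviated range list are assumptions; the range list must be refreshed from Cloudflare's published list.

```python
import ipaddress
from collections import Counter

# Assumption: a subset of Cloudflare's published IPv4 ranges, for illustration.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "162.158.0.0/15",
    "104.16.0.0/13", "172.64.0.0/13",
)]
ALLOWED_PORTS = {80, 443}  # same set as the WAF rule in the post


def is_cloudflare(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_NETS)


def real_client(peer_ip, headers):
    """Return (client_ip, source); the header counts only if the peer is Cloudflare."""
    claimed = headers.get("CF-Connecting-IP", "").strip()
    if claimed and is_cloudflare(peer_ip):
        try:
            return str(ipaddress.ip_address(claimed)), "cf-connecting-ip"
        except ValueError:
            pass  # malformed header value: fall back to the peer address
    return peer_ip, "peer"


def clients_on_unexpected_ports(records):
    """Count resolved client IPs for requests on ports outside ALLOWED_PORTS."""
    hits = Counter()
    for rec in records:
        if rec["port"] not in ALLOWED_PORTS:
            ip, _source = real_client(rec["peer"], rec["headers"])
            hits[ip] += 1
    return hits


# Constructed sample records; visitor addresses are documentation ranges.
SAMPLE = [
    {"peer": "172.68.10.5", "port": 8443, "headers": {"CF-Connecting-IP": "203.0.113.7"}},
    {"peer": "162.158.90.1", "port": 8443, "headers": {"CF-Connecting-IP": "203.0.113.7"}},
    {"peer": "104.16.1.1", "port": 443, "headers": {"CF-Connecting-IP": "198.51.100.4"}},
    # Direct-to-origin request carrying a forged header: the peer address is kept.
    {"peer": "192.0.2.50", "port": 8443, "headers": {"CF-Connecting-IP": "10.0.0.1"}},
]

if __name__ == "__main__":
    for ip, count in clients_on_unexpected_ports(SAMPLE).most_common():
        print(ip, count)
```

Two different Cloudflare peer addresses collapse into one visitor here, while the forged header on the direct request is ignored.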
I’ve worked in cyber security since 1997 for multiple vendors providing firewalls, WAFs, web vulnerability scanners, vulnerability modeling, SIEM and behavior analytics. So this is the second time you posted an answer that was not useful or helpful. john.harman is a true MVP unlike you.
Dude… DBAD. @fritex spends a lot of time and effort trying to help people in these forums. If he missed the mark, given your vast experience, you know not everyone knows everything about all topics and sometimes they get on the wrong track.
What do you gain by saying that?
Also I read through his previous response and he provided a WAF rule that did effectively the same thing,
You are wrong, john.harman provided the answer unlike fritex who answered with something that was unrelated to the actual question. He didn’t read the OP and just gave a canned answer that he also did in my previous post on this issue.
I am occasionally wrong as @fritex and many others can attest. But in this instance your insistence that you are in the right despite clear evidence to the contrary is quite telling. If you had gone back and reread his post you would see that in fact, the answer was both on topic and on point.
Want to double down again? I’ve been doing this cyber thing longer than you and I know mistakes happen. No one bats 1000 when it comes to troubleshooting. But if you insist on being wrong, don’t let me stop you from showing your ■■■.