Web Attacks on port 8443

What is the name of the domain?

What is the issue you’re encountering

Web Attacks on port 8443

What steps have you taken to resolve the issue?

None since Cloudflare doesn’t block or allow one to set what ports to allow.

What are the steps to reproduce the issue?

Visit https://tonymacx86.com:8443

If you have proxied :orange: DNS records, port 8443 is supported and compatible with the Cloudflare proxy :orange:; by default, if you have e.g. WAF Custom Rules, Bot Fight Mode and other Security & Performance features configured and enabled, they would apply to it as well.

If you have it open, and someone tries to visit your Website using a different port, Cloudflare would pass the request further to the origin and the visitor will get a response if you’re running some service on that specific port.

Source article for more information:

By default, the ports from above are all allowed.

You cannot close or disable a specific port, rather you can block any requests coming to those ports by creating a custom Expression in your WAF Custom Rule, such as the example below, to allow only traffic to port 443 and block traffic to all the others compatible with :orange: :

(http.host contains "tonymacx86.com" and not cf.edge.server_port in {443})

Do not forget to select the action “block” at the end and make sure it’s the first rule from above on the Custom Rules list.

In picture:

With this WAF Custom Rule, anyone trying to access https://tonymacx86.com:8443 or https://tonymacx86.com:2083, or any other listed in the linked source article above, except port 443 for which we allow traffic, would be presented with Cloudflare's default block page as below:

If you use online tools or services which check whether a port is open for a domain or URL, they will say it is open, but all the HTTP(S) requests to it are blocked by our security & protection measures from above.

Useful article with an example:

You can combine WAF Custom Rules, e.g. you can restrict:

  1. serviceA.domain.com running only with port 8443 and block traffic to any other than 8443
  2. domain.com only over 80 and 443 (with redirection HTTP to HTTPS at Cloudflare) and block any other than those two
  3. Much more other options to combine on demand

Using the above example, you’d see the blocked requests under the Security → Events page, therefrom you can keep track and trace down the bad hosts or bad traffic from some ASNs and block them further with Custom Rules, IP Access Rules, User-agent blocking, etc.

In case you’d want to protect something more, like TCP or UDP ports for some specific service which you’re running, there is a way to use billable and paid Spectrum service:

Nevertheless, best case always is to close the unused and unneeded ports on your host origin.
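Added example, not from the thread or from Cloudflare: a small first-match evaluator that mimics how an ordered list of WAF Custom Rules decides on a request, using the two fields the reply quotes (http.host and cf.edge.server_port). The rule predicates are Python stand-ins for the rule language, and the hosts and ports are constructed; it shows the single "allow only 443" rule from the reply and the serviceA/apex combination, including why a "contains" rule on the apex would also catch the subdomain and must be ordered carefully.

```python
# Added example (not Cloudflare's code): ordered, first-match rule evaluation.
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Request:
    host: str        # stand-in for http.host
    edge_port: int   # stand-in for cf.edge.server_port


@dataclass(frozen=True)
class Rule:
    name: str
    matches: Callable[[Request], bool]
    action: str = "block"   # the reply's rules all use the "block" action


def first_match(rules: List[Rule], req: Request) -> Optional[str]:
    """Return the action of the first matching rule, or None if no rule matches."""
    for rule in rules:
        if rule.matches(req):
            return rule.action
    return None


def decide(req: Request, rules: List[Rule]) -> str:
    """Block if an ordered rule matches, otherwise the request passes to the origin."""
    return first_match(rules, req) or "allow"


# Rule quoted in the reply: (http.host contains "tonymacx86.com" and not cf.edge.server_port in {443})
# Note: "contains" also matches any subdomain such as serviceA.tonymacx86.com.
only_443 = Rule("only-443",
                lambda r: "tonymacx86.com" in r.host and r.edge_port not in {443})

# Combination from the reply (hostnames constructed): serviceA only on 8443, apex only on 80/443.
# Exact host comparisons keep the two rules from overlapping.
service_a_8443 = Rule("serviceA-8443-only",
                      lambda r: r.host == "serviceA.tonymacx86.com" and r.edge_port not in {8443})
apex_80_443 = Rule("apex-80-443-only",
                   lambda r: r.host == "tonymacx86.com" and r.edge_port not in {80, 443})

if __name__ == "__main__":
    # Constructed sample requests, not taken from the thread.
    for host, port in [("tonymacx86.com", 8443), ("tonymacx86.com", 443),
                       ("serviceA.tonymacx86.com", 8443), ("serviceA.tonymacx86.com", 2083)]:
        req = Request(host, port)
        print(f"{host}:{port}  only_443={decide(req, [only_443])}  "
              f"combined={decide(req, [service_a_8443, apex_80_443])}")
```

Putting only_443 ahead of service_a_8443 in the same list would block serviceA on 8443 too, which is the ordering point the reply makes about keeping the intended rule first.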
