Require specific HTTP ports
By default, Cloudflare allows requests on a number of different HTTP ports (refer to Network ports).
You can target requests based on their HTTP port with the `cf.edge.server_port` dynamic field. Use the `in` comparison operator to target a set of ports.
This example blocks requests to www.example.com that are not on ports 80 or 443:
Expression | Action |
---|---|
http.host eq "www.example.com" and not cf.edge.server_port in {80 443} | Block |
Alternatively, if you are using WAF managed rules (previous version) and you do not need to specify a custom expression, enable rule ID 100015: “Anomaly:Port - Non Standard Port (not 80 or 443)” to block all requests to your zone on non-standard HTTP ports. This rule is not available in WAF Managed Rules (new version) because it was deprecated.
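The custom expression above can be generated and sanity-checked before it is deployed. This added example (not Cloudflare code) builds the same expression for a given hostname and port set and runs a simplified local model of its match logic over constructed sample requests; the function names and the sample requests are assumptions made for illustration.

```python
# Added example, not Cloudflare code. Function names and sample requests are
# assumptions made for illustration.

def port_rule_expression(host, allowed_ports):
    """Build the page's expression for one hostname and a set of allowed ports."""
    if not host or any(c in host for c in '"\\ '):
        raise ValueError("host must not contain quotes, backslashes or spaces")
    ports = sorted(set(allowed_ports))
    if not ports or any(not 0 < p < 65536 for p in ports):
        raise ValueError("allowed_ports must be a non-empty set of valid ports")
    port_set = " ".join(str(p) for p in ports)
    return f'http.host eq "{host}" and not cf.edge.server_port in {{{port_set}}}'


def would_block(request, host, allowed_ports):
    """Simplified local model of the expression: it matches only when the
    Host header equals the targeted hostname AND the edge port is outside
    the allowed set. Requests for other hostnames never match."""
    return request["host"] == host and request["port"] not in set(allowed_ports)


def evaluate(requests, host, allowed_ports):
    """Return (host, port, outcome) for each sample request."""
    return [
        (r["host"], r["port"],
         "block" if would_block(r, host, allowed_ports) else "no match")
        for r in requests
    ]


# Constructed sample requests (not real traffic).
SAMPLES = [
    {"host": "www.example.com", "port": 443},
    {"host": "www.example.com", "port": 80},
    {"host": "www.example.com", "port": 8443},
    {"host": "www.example.com", "port": 8080},
    {"host": "api.example.com", "port": 8080},  # different hostname
]

if __name__ == "__main__":
    print(port_rule_expression("www.example.com", {80, 443}))
    for host, port, outcome in evaluate(SAMPLES, "www.example.com", {80, 443}):
        print(f"{host}:{port} -> {outcome}")
```

The last sample shows the scope of the rule: a request for api.example.com on port 8080 does not match, so other hostnames in the zone need their own rule or a broader expression.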