Cloudflare proxies traffic for HTTP traffic at the application level (Layer 7) and TCP traffic at the transport level (Layer 4).
Cloudflare can proxy almost all TCP ports. We support two flavors of proxy:
- an application level (Layer 7) HTTP proxy, and
- Spectrum, a transport level (Layer 4) TCP proxy
Cloudflare can proxy traffic going over the HTTP/HTTPS ports listed below.
If your traffic is on a different port, you can add it as a record in your Cloudflare DNS zone file as something we don't proxy (gray cloud = no Cloudflare proxy or caching on a record).
The HTTP ports that Cloudflare support are:
The HTTPs ports that Cloudflare support are:
For the Pro plan and above, you can block traffic on ports other than 80 and 443 using WAF rule id 100015: "Block requests to all ports except 80 and 443".
Ports 80 and 443 are the only ports:
- For HTTP/HTTPS traffic within China for zones that have the China Network enabled
- For Cloudflare Apps to be able to proxy on
- Where Cloudflare Caching is available
Cloudflare Spectrum is an Enterprise plan product that supports proxying arbitrary TCP protocols, including game server traffic, over any port.
To learn more, visit the Cloudflare Spectrum documentation site.
Cloudflare Access and ports
Cloudflare Access does not support port numbers in URLs at this time. Any attempt to use a URL protected through Access that has a port number, the port number will be stripped from the request.