Cloudflare proxies traffic for HTTP traffic at the application level (Layer 7) and TCP traffic at the
transport level (Layer 4).
Overview
Cloudflare can proxy almost all TCP ports. We support two flavors of proxy:
- an application level (Layer 7) HTTP proxy, and
- Spectrum, a transport level (Layer 4) TCP proxy
HTTP proxying
Cloudflare can proxy traffic going over the HTTP/HTTPS ports listed below.
If your traffic is on a different port, you can add it as a record in your Cloudflare DNS zone file as
something we don't proxy (gray cloud = no Cloudflare proxy or caching on a record).
The HTTP ports that Cloudflare support are:
80
8080
8880
2052
2082
2086
2095
The HTTPs ports that Cloudflare support are:
443
2053
2083
2087
2096
8443
For the Pro plan and above, you can block traffic on ports other than 80 and 443 using WAF rule id
100015: "Block requests to all ports except 80 and 443".
Ports 80 and 443 are the only ports:
- For HTTP/HTTPS traffic within China for zones that have the China Network enabled
- For Cloudflare Apps to be able to proxy on
- Where Cloudflare Caching is available
Spectrum proxying
Cloudflare Spectrum is an Enterprise plan product that supports proxying arbitrary TCP protocols
over any port. The only exception is port 21, where proxying is not supported.
To learn more, visit the Cloudflare Spectrum documentation site.
