Which ports will Cloudflare work with?

Cloudflare acts as a proxy for HTTP traffic at the application layer (Layer 7) and for TCP traffic at the

transport layer (Layer 4).

Overview

Cloudflare is capable of proxying nearly all TCP ports. We offer two types of proxy:

  • an application layer (Layer 7) HTTP proxy, and
  • Spectrum, a transport layer (Layer 4) TCP proxy

HTTP proxying

Cloudflare can proxy traffic over the HTTP/HTTPS ports mentioned below.


If your traffic is on a different port, you can add it as a record in your Cloudflare DNS zone file to designate it as

something we do not proxy (gray cloud = no Cloudflare proxy or caching on a record).


The HTTP ports supported by Cloudflare are:
80
8080
8880
2052
2082
2086
2095


The HTTPS ports supported by Cloudflare are:
443
2053
2083
2087
2096
8443


For the Pro plan and higher, you can block traffic on ports other than 80 and 443 using WAF rule id

100015: "Block requests to all ports except 80 and 443".


Ports 80 and 443 are the only ports:

  • For HTTP/HTTPS traffic within China for zones that have the China Network enabled
  • For Cloudflare Apps to be able to proxy on
  • Where Cloudflare Caching is available  

Spectrum proxying

Cloudflare Spectrum is a product for Enterprise plans that allows proxying of arbitrary TCP protocols

over any port, with the exception of port 21, where proxying is not permitted.


To learn more, visit the Cloudflare Spectrum documentation site.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.