Cloudflare acts as a proxy for HTTP traffic at the application layer (Layer 7) and for TCP traffic at the
transport layer (Layer 4).
Overview
Cloudflare is capable of proxying nearly all TCP ports. We offer two types of proxy:
- an application layer (Layer 7) HTTP proxy, and
- Spectrum, a transport layer (Layer 4) TCP proxy
HTTP proxying
Cloudflare can proxy traffic over the HTTP/HTTPS ports mentioned below.
If your traffic is on a different port, you can add it as a record in your Cloudflare DNS zone file to designate it as
something we do not proxy (gray cloud = no Cloudflare proxy or caching on a record).
The HTTP ports supported by Cloudflare are:
80
8080
8880
2052
2082
2086
2095
The HTTPS ports supported by Cloudflare are:
443
2053
2083
2087
2096
8443
For the Pro plan and higher, you can block traffic on ports other than 80 and 443 using WAF rule id
100015: "Block requests to all ports except 80 and 443".
Ports 80 and 443 are the only ports:
- For HTTP/HTTPS traffic within China for zones that have the China Network enabled
- For Cloudflare Apps to be able to proxy on
- Where Cloudflare Caching is available
Spectrum proxying
Cloudflare Spectrum is a product for Enterprise plans that allows proxying of arbitrary TCP protocols
over any port, with the exception of port 21, where proxying is not permitted.
To learn more, visit the Cloudflare Spectrum documentation site.