Cloudflare Docs
Firewall Rules
Visit Firewall Rules on GitHub
Set theme to dark (⇧+D)

Require specific HTTP ports

By default, Cloudflare allows requests on a number of different HTTP ports (refer to Network ports.

You can target requests based on their HTTP port with the cf.edge.server_port dynamic field. Use the in comparison operator to target a set of ports.

This example blocks requests to www.example.com that are not on ports 80 or 443:

ExpressionAction
http.host eq "www.example.com" and not cf.edge.server_port in {80 443}Block

Alternatively, if you are using WAF managed rules and you do not need to specify a custom expression, enable rule ID 100015: “Anomaly:Port - Non Standard Port (not 80 or 443)” to block all requests to your zone on non-standard HTTP ports. This rule is not available in WAF Managed Rulesets (in the new WAF) because it was deprecated.