Cloudflare Docs
Firewall Rules
Visit Firewall Rules on GitHub
Set theme to dark (⇧+D)

Require specific HTTP ports

By default, Cloudflare allows requests on a number of different HTTP ports (refer to Network ports.

You can target requests based on their HTTP port with the cf.edge.server_port dynamic field. Use the in comparison operator to target a set of ports.

This example blocks requests to that are not on ports 80 or 443:

ExpressionAction eq "" and not cf.edge.server_port in {80 443}Block

Alternatively, if you are using WAF managed rules (previous version) and you do not need to specify a custom expression, enable rule ID 100015: “Anomaly:Port - Non Standard Port (not 80 or 443)” to block all requests to your zone on non-standard HTTP ports. This rule is not available in WAF Managed Rules (new version) because it was deprecated.