Cloudflare proxies traffic for HTTP traffic at the application level (Layer 7) and TCP traffic at the

transport level (Layer 4).


Overview

Cloudflare can proxy almost all TCP ports. We support two flavors of proxy:

  • an application level (Layer 7) HTTP proxy, and
  • Spectrum, a transport level (Layer 4) TCP proxy

HTTP proxying

Cloudflare can proxy traffic going over the HTTP/HTTPS ports listed below.


If your traffic is on a different port, you can add it as a record in your Cloudflare DNS zone file as

something we don't proxy (gray cloud = no Cloudflare proxy or caching on a record).


The HTTP ports that Cloudflare support are:
80
8080
8880
2052
2082
2086
2095


The HTTPs ports that Cloudflare support are:
443
2053
2083
2087
2096
8443


For the Pro plan and above, you can block traffic on ports other than 80 and 443 using WAF rule id

100015: "Block requests to all ports except 80 and 443".


Ports 80 and 443 are the only ports:

  • For HTTP/HTTPS traffic within China for zones that have the China Network enabled
  • For Cloudflare Apps to be able to proxy on
  • Where Cloudflare Caching is available  

Spectrum proxying

Cloudflare Spectrum is an Enterprise plan product that supports proxying arbitrary TCP protocols

over any port. The only exception is port 21, where proxying is not supported.


To learn more, visit the Cloudflare Spectrum documentation site.