When you proxy traffic through Cloudflare, the service listens on its proxy ports, filters incoming requests, and routes them to your origin server over a separate, often non-standard, port. Restricting all inbound traffic to your server to the Cloudflare IP ranges ensures that only the proxy can reach your origin, significantly reducing your attack surface.
Cloudflare Proxy Ports Architecture Overview: How Traffic Flows and Server Communication Works
Performance Optimization Through Port Management
Strategic selection of proxy ports can streamline your infrastructure management and improve monitoring capabilities. This setup allows you to run your web server on a non-standard port, adding a layer of obscurity that can deter basic automated attacks.
Origin Server Communication
Behind the scenes, Cloudflare requires specific proxy ports to communicate with your origin server to fetch the actual content. While visitors connect via 80 or 443, Cloudflare initiates requests to your infrastructure over a designated port.
If your firewall blocks the origin port, Cloudflare will be unable to retrieve content, resulting in error messages for your visitors.

| Visitor Port | Direction | Origin Port | Common Use |
|---|---|---|---|
| 80 | Client to Cloudflare | 80 | Unencrypted Origin Pull |
| 443 | Client to Cloudflare | 443 | Encrypted Origin Pull |
| 80 | Client to Cloudflare | 8080 | Custom Origin Configuration |
| 443 | Client to Cloudflare | 8443 | Custom SSL Termination |

Firewall and Security Considerations
Network security policies must explicitly allow traffic on the designated Cloudflare proxy ports to prevent service interruptions.
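The origin lockdown described above, as an added example that is not part of the original page: it builds an allow-then-drop rule set for the custom origin port 8443 from the table and models the verdict for a single connection. The function names are hypothetical and the IP ranges are constructed documentation addresses standing in for Cloudflare's published ranges.

```python
import ipaddress

# Constructed sample ranges from documentation address space (RFC 5737, RFC 3849).
# They stand in for the proxy's published IP ranges, which you must load yourself.
SAMPLE_PROXY_RANGES = ["198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32"]
TOOL = {4: "iptables", 6: "ip6tables"}


def parse_ranges(ranges):
    """Validate CIDRs strictly so a typo cannot silently widen or empty the allowlist."""
    nets = [ipaddress.ip_network(r, strict=True) for r in ranges]  # ValueError if malformed
    if not nets:
        raise ValueError("empty allowlist: every origin pull would be dropped")
    return nets


def origin_rules(ranges, origin_port):
    """Return firewall commands: ACCEPT proxy ranges on origin_port, then DROP the rest."""
    if not 1 <= origin_port <= 65535:
        raise ValueError(f"invalid port: {origin_port}")
    base = "-A INPUT -p tcp"
    rules = [f"{TOOL[n.version]} {base} -s {n} --dport {origin_port} -j ACCEPT"
             for n in parse_ranges(ranges)]
    # The DROP rules go last: appended before the ACCEPTs they would block the proxy too.
    rules += [f"{tool} {base} --dport {origin_port} -j DROP" for tool in TOOL.values()]
    return rules


def verdict(src_ip, dst_port, ranges, origin_port):
    """Model what the generated rules do to one inbound TCP connection."""
    if dst_port != origin_port:
        return "NO_MATCH"  # left to the rest of the host's ruleset
    src = ipaddress.ip_address(src_ip)
    return "ACCEPT" if any(src in n for n in parse_ranges(ranges)) else "DROP"


if __name__ == "__main__":
    for rule in origin_rules(SAMPLE_PROXY_RANGES, 8443):
        print(rule)
    print(verdict("203.0.113.9", 8443, SAMPLE_PROXY_RANGES, 8443))   # proxy address
    print(verdict("192.0.2.10", 8443, SAMPLE_PROXY_RANGES, 8443))    # direct visitor
```

The commands are returned as strings rather than executed, so the rule set can be reviewed before it is applied to a host.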