Web Application Firewall (WAF) protects services at specific non-standard ports and services at standard HTTP ports 80 and 8080 and HTTPS ports 443 and 8443. If your origin server uses ports other than 80 and 443, you must customize server ports when you configure WAF. Then, WAF redirects traffic for your website at the custom server ports.

Prerequisites

  • Your website is added to the WAF console. For more information, see Add domain names.
    Note This topic describes how to customize server ports by editing an existing domain name in the WAF console. Alternatively, you can customize server ports when you manually add a website to the WAF console for protection. For more information, see Manually add website configurations.
  • To use ports other than 80, 8080, 443, and 8443, you must make sure that the WAF instance that you purchased meets the following specification requirements:
    • If a WAF instance that uses the subscription billing method is activated, the edition of the instance must be the Business edition or above. For more information, see Editions and features.

Background information

WAF forwards traffic only on specified ports of the origin server. For ports that are not configured, WAF does not forward any traffic on these ports.

Limits

Ports

If you use WAF Business or Enterprise, the following ports are available:
Note The query results displayed in the WAF console prevail. For more information, see Allowed Port Range.
  • HTTP-compliant

    80, 81, 82, 83, 84, 86, 87, 88, 89, 97, 800, 808, 1000, 1090, 3333, 3501, 3601, 5000, 5222, 6001, 6666, 7000, 7001, 7002, 7003, 7004, 7005, 7006, 7009, 7010, 7011, 7012, 7013, 7014, 7015, 7016, 7018, 7019, 7020, 7021, 7022, 7023, 7024, 7025, 7026, 7070, 7081, 7082, 7083, 7088, 7097, 7510, 7777, 7800, 8000, 8001, 8002, 8003, 8008, 8009, 8020, 8021, 8022, 8025, 8026, 8077, 8078, 8080, 8081, 8082, 8083, 8084, 8085, 8086, 8087, 8088, 8089, 8090, 8091, 8106, 8181, 8334, 8336, 8686, 8800, 8888, 8889, 8999, 9000, 9001, 9002, 9003, 9021, 9023, 9027, 9037, 9080, 9081, 9082, 9180, 9200, 9201, 9205, 9207, 9208, 9209, 9210, 9211, 9212, 9213, 9898, 9908, 9916, 9918, 9919, 9928, 9929, 9939, 9999, 10000, 10001, 10080, 12601, 28080, 33702, and 48800

    Notice Only the WAF instances deployed in the regions in mainland China support port 48800.
  • HTTPS-compliant
    443, 4443, 5443, 6443, 7443, 8443, 8553, 8663, 9443, 9553, 9663, and 18980
    Notice Only the WAF instances deployed in the regions in mainland China support port 18980.

Port quantity

The total number of ports that can be used by each WAF instance for all websites has the following limits:
  • A WAF Business instance on a subscription basis supports a maximum of 10 ports, including ports 80, 8080, 443, and 8443.
  • A WAFEnterprise instance on a subscription basis supports a maximum of 50 ports, including ports 80, 8080, 443, and 8443.
Note A WAF Exclusive instance supports more non-standard ports. You can use HTTP ports, HTTPS ports, and HTTP/2 ports as back-to-origin ports. For more information, see Create an exclusive cluster.

Procedure

  1. Log on to the Web Application Firewall console.
  2. In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
  3. In the left-side navigation pane, choose Asset Center > Website Access.
  4. On the Website Access page, find the target domain name and click Edit in the Actions column.
  5. On the Edit page, click Customize in the Destination Server Port section.
  6. Click the required protocol type (valid values: HTTP and HTTPS), enter the ports that you want to add, and click Save.Server ports
    Note The ports that you entered must be within the allowed port range. Otherwise, the settings cannot be saved. You can click View Allowed Port Range to check whether the specified ports are within the allowed port range.
    Allowed Port Range
  7. Click Confirm.