Web Application Firewall (WAF) protects web service traffic on both standard and non-standard ports. When you add a website to WAF, you must specify the ports for the origin server. WAF uses these ports to receive and forward traffic. This topic describes the standard and non-standard ports that WAF supports.
Standard ports
WAF protects web service traffic on the following standard ports:
HTTP ports: 80 and 8080
HTTPS ports: 443 and 8443
Non-standard ports
Cloud native mode
If you add your website to WAF in cloud native mode, you can specify non-standard ports in the range of 1 to 65535.
CNAME record mode
If you add your website to WAF in CNAME record mode, you can use only the non-standard ports that WAF provides. Custom non-standard ports are not supported. The available non-standard ports vary based on the WAF edition.
Edition | Supported non-standard port range | Number of supported non-standard ports | |
Subscription Basic and Pro | Not supported | Not supported | |
Subscription Enterprise and Ultimate | IPv4 | IPv6 |
|
For HTTP and HTTPS, non-standard ports are ports in the range of 0 to 65535, excluding the following system ports: 9, 20, 21, 22, 23, 25, 42, 53, 67, 68, 69, 110, 135, 137, 138, 139, 143, 161, 389, 445, 593, 1434, 1521, 3127, 3306, 3389, 4444, 5554, 5800, 5900, 6379, 9996, 11211, 27017, 27018, 50030, 50070, 61613, 61616, and 61617. |
| ||
Pay-as-you-go | 100 | ||
To view the supported ports in the WAF console, perform the following steps:
Go to the Onboarding page.
On the CNAME Record tab, find the domain name that you want to manage and click Edit in the Actions column.
In the Edit Domain Name panel, select the HTTP or HTTPS protocol and click View Port Range.
References
For more information about the cloud native mode, see Cloud native mode.
For more information about the CNAME record mode, see Add a domain name to WAF using a CNAME record.
For more information about how to query all ports that are added to WAF for an instance, see Query all ports of an instance that are added to WAF.