Web Application Firewall (WAF) can protect web service traffic on both standard and non-standard ports. When you add a website to WAF, you must specify origin server ports. WAF receives and forwards traffic based on the ports that you specify. This topic describes the supported standard and non-standard ports.
Standard ports
WAF can protect web service traffic on the following standard ports:
HTTP ports: 80 and 8080
HTTPS ports: 443 and 8443
Non-standard ports
Cloud native mode
If you add your website to WAF in cloud native mode, you can specify non-standard ports in the range of 0 to 65535.
CNAME record mode
If you add your website to WAF in CNAME record mode, you can specify only supported ports. Different WAF editions support different non-standard ports.
Edition | Supported non-standard port | Number of supported non-standard ports | |
Subscription Basic Edition and Subscription Pro Edition | Not supported | Not supported | |
Subscription Enterprise Edition and Subscription Ultimate Edition | IPv4 | IPv6 |
|
If you use HTTP or HTTPS, non-standard ports in the range of 0 to 65535 are supported, excluding system ports. The following system ports are not supported: 9, 20, 21, 22, 23, 25, 42, 53, 67, 68, 69, 135, 137, 138, 139, 143, 161, 389, 445, 593, 1434, 1521, 3127, 3306, 3389, 4444, 5554, 5800, 5900, 6379, 9996, 11211, 27017, 27018, 50030, 50070, 61613, 61616, and 61617. |
| ||
Pay-as-you-go Edition | 100 | ||
To view the supported ports in the WAF console, perform the following steps:
Go to the Website Configuration page.
On the CNAME Record tab, find the domain name whose ports you want to view and click Edit in the Actions column.
In the Edit Domain Name panel, select HTTP or HTTPS and click View Port Range.
References
For more information about the cloud native mode, see Cloud native mode.
For more information about the CNAME record mode, see Add a domain name to WAF.
For more information about how to query the ports of an instance that are added to WAF, see DescribeResourcePort.