Web Application Firewall (WAF) protects services that use standard and non-standard ports. The standard ports include 80, 8080, 443, and 8443. You must configure WAF to add support for non-standard ports. You can specify non-standard ports for the origin server when you configure WAF for your website. WAF receives and forwards traffic on the specified ports. This topic describes the standard and non-standard ports that are supported by WAF.

Background information

After you configure WAF for your website, WAF forwards traffic to the origin server only on the specified ports. WAF does not forward traffic on the ports that are not specified.

Precautions

  • WAF protects services that use standard ports or non-standard ports. The number of ports that are supported and the range of non-standard ports that are supported by a WAF instance vary based on the WAF edition that is used. For more information, see Ports supported by each WAF edition.
  • The maximum number of ports that a WAF instance supports is the total number of standard and non-standard ports that the instance supports.
  • In some cases, only specific non-standard ports that are supported by WAF can be used. To be able to use all non-standard ports, you must use a WAF instance of the Exclusive edition or add a website to WAF in transparent proxy mode.

View the supported ports in the WAF console

You can view the supported ports in the WAF console.

  1. Visit the Website Access page in the WAF console.
  2. Find the domain name for which you want to specify ports and click Edit in the Actions column.
  3. On the Edit page, find the Destination Server Port section and click View Allowed Port Range.

For more information, see Specify ports.

Ports supported by each WAF edition

  • Transparent proxy mode: You can use non-standard ports from 0 to 65535.
    Note The number of traffic redirection ports that are supported in transparent proxy mode is limited. For more information, see Limits.
  • CNAME record mode: Only subscription WAF instances of the Business, Enterprise, or Exclusive edition and the pay-as-you-go WAF instances that have Support for Non-Standard Ports enabled allow you to specify non-standard ports.

    The following table lists the ports that are supported by each WAF edition in CNAME record mode. The supported ports in the console shall prevail. For more information about how to view the supported ports in the console, see Specify ports.

    WAF edition Maximum number of ports supported by each WAF instance Supported standard port (default) Supported non-standard port (custom)
    Pro 4
    • HTTP ports: 80 and 8080
    • HTTPS ports: 443 and 8443
    		 Not supported
    Business 30 (This is the total number of standard ports and non-standard ports.)
    • HTTP ports: 80 and 8080
    • HTTPS ports: 443 and 8443
    • HTTP ports:
      81, 82, 83, 84, 86, 87, 88, 89, 97, 800, 808, 1000, 1090, 3333, 3501, 3601, 5000, 5222, 6001, 6666, 7000, 7001, 7002, 7003, 7004, 7005, 7006, 7009, 7010, 7011, 7012, 7013, 7014, 7015, 7016, 7018, 7019, 7020, 7021, 7022 7023, 7024, 7025, 7026, 7070, 7071, 7081, 7082, 7083, 7088, 7097, 7510, 7777, 7800, 8000, 8001, 8002, 8003, 8008, 8009, 8020, 8021, 8022, 8025, 8026, 8077, 8078, 8081, 8082, 8083, 8084, 8085, 8086, 8087, 8088, 8089, 8090, 8091, 8106, 8181, 8334, 8336, 8686, 8800, 8888, 8889, 8999, 9000, 9001, 9002, 9003, 9021, 9023, 9027, 9037, 9080, 9081, 9082, 9180, 9200, 9201, 9205, 9207, 9208, 9209, 9210, 9211, 9212, 9213, 9898, 9908, 9916, 9918, 9919, 9928, 9929, 9939, 9999, 10000, 10001, 10080, 12601, 28080, 33702, and 48800
      Notice Only WAF instances deployed in the Chinese mainland support port 48800.
    • HTTPS ports:
      4443, 5443, 6443, 7443, 8553, 8663, 9443, 9553, 9663, and 18980
      Notice Only WAF instances deployed in the Chinese mainland support port 18980.
    Enterprise 50 (This is the total number of standard ports and non-standard ports.)
    • HTTP ports: 80 and 8080
    • HTTPS ports: 443 and 8443
    • HTTP ports:
      81, 82, 83, 84, 86, 87, 88, 89, 97, 800, 808, 1000, 1090, 3333, 3501, 3601, 5000, 5222, 6001, 6666, 7000, 7001, 7002, 7003, 7004, 7005, 7006, 7009, 7010, 7011, 7012, 7013, 7014, 7015, 7016, 7018, 7019, 7020, 7021, 7022 7023, 7024, 7025, 7026, 7070, 7071, 7081, 7082, 7083, 7088, 7097, 7510, 7777, 7800, 8000, 8001, 8002, 8003, 8008, 8009, 8020, 8021, 8022, 8025, 8026, 8077, 8078, 8081, 8082, 8083, 8084, 8085, 8086, 8087, 8088, 8089, 8090, 8091, 8106, 8181, 8334, 8336, 8686, 8800, 8888, 8889, 8999, 9000, 9001, 9002, 9003, 9021, 9023, 9027, 9037, 9080, 9081, 9082, 9180, 9200, 9201, 9205, 9207, 9208, 9209, 9210, 9211, 9212, 9213, 9898, 9908, 9916, 9918, 9919, 9928, 9929, 9939, 9999, 10000, 10001, 10080, 12601, 28080, 33702, and 48800
      Notice Only WAF instances deployed in the Chinese mainland support port 48800.
    • HTTPS ports:
      4443, 5443, 6443, 7443, 8553, 8663, 9443, 9553, 9663, and 18980
      Notice Only WAF instances deployed in the Chinese mainland support port 18980.
    Exclusive 50 (This is the total number of standard ports and non-standard ports.)
    • HTTP ports: 80 and 8080
    • HTTPS ports: 443 and 8443
    		 All the non-standard ports in the range of 0 to 65535 other than the following system ports: 22, 53, 4431, 4646, 4985, 4986, 4987, 6060, 8301, 8600, 9100, 15001, and 56688.
    Note The Exclusive edition of WAF supports additional non-standard ports, apart from the ports in the preceding table. This edition also allows you to specify custom HTTP ports, HTTPS ports, and HTTP/2 ports as back-to-origin ports. For more information, see Create an exclusive cluster.

References