Web Application Firewall (WAF) supports the protection of services at specific non-standard ports and services at standard HTTP ports 80 and 8080 and HTTPS ports 443 and 8443. If your origin server uses ports other than 80 and 443, you must customize server ports when you configure WAF. WAF provides traffic forwarding services for your website at the custom server ports.

Prerequisites

  • Your website is added to the WAF console. For more information, see Add domain names.
    Note This topic describes how to customize server ports by editing an existing domain name in the WAF console. Alternatively, you can customize server ports when you manually add a website to the WAF console for protection. For more information, see Manually add website configurations.
  • To use ports other than 80, 8080, 443, and 8443, the edition of the WAF instance must be Business or Enterprise.

Background information

WAF forwards traffic only on specified ports of the origin server.

Limits

Port range

If you select a service plan of Business, Enterprise for WAF, the following ports are available:
Note The query results displayed in the WAF console prevail. For more information, see Allowed Port Range.
  • HTTP-compliant

    80, 81, 82, 83, 84, 86, 87, 88, 89, 97, 800, 808, 1000, 1090, 3333, 3501, 3601, 5000, 5222, 6001, 6666, 7000, 7001, 7002, 7003, 7004, 7005, 7006, 7009, 7010, 7011, 7012, 7013, 7014, 7015, 7016, 7018, 7019, 7020, 7021, 7022, 7023, 7024, 7025, 7026, 7070, 7081, 7082, 7083, 7088, 7097, 7510, 7777, 7800, 8000, 8001, 8002, 8003, 8008, 8009, 8020, 8021, 8022, 8025, 8026, 8077, 8078, 8080, 8081, 8082, 8083, 8084, 8085, 8086, 8087, 8088, 8089, 8090, 8091, 8106, 8181, 8334, 8336, 8686, 8800, 8888, 8889, 8999, 9000, 9001, 9002, 9003, 9021, 9023, 9027, 9037, 9080, 9081, 9082, 9180, 9200, 9201, 9205, 9207, 9208, 9209, 9210, 9211, 9212, 9213, 9898, 9908, 9916, 9918, 9919, 9928, 9929, 9939, 9999, 10000, 10001, 10080, 12601, 28080, 33702, and 48800

    Notice Only the WAF instances deployed in the regions of mainland China support port 48800.
  • HTTPS-compliant
    443, 4443, 5443, 6443, 7443, 8443, 8553, 8663, 9443, 9553, 9663, and 18980
    Notice Only the WAF instances deployed in the regions of mainland China support port 18980.

Port quantity

The limits on the total number of ports that can be used by each WAF instance for all websites are as follows:
  • A subscription WAF instance with a Business service plan selected supports a maximum of 10 ports, including ports 80, 8080, 443, and 8443.
  • A subscription WAF instance with an Enterprise service plan selected supports a maximum of 50 ports, including ports 80, 8080, 443, and 8443.
Note An exclusive cluster for WAF supports more non-standard ports. You can use HTTP ports, HTTPS ports, and HTTP/2 ports as the back-to-origin ports. For more information, see Create an exclusive cluster.

Procedure

  1. Log on to the Web Application Firewall console.
  2. In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
  3. In the left-side navigation pane, choose Asset Center > Website Access.
  4. On the Website Access page, find the target domain name and click Edit in the Actions column.
  5. On the Edit page, click Customize in the Destination Server Port section.
  6. Click the required protocol type (valid values: HTTP and HTTPS), enter the ports that you want to add, and click Save.Server ports
    Note The ports that you entered must be within the available port range. Otherwise, the settings cannot be saved. You can click View Allowed Port Range to check whether the specified ports are within the available port range.
    Allowed Port Range
  7. Click Confirm.