If your non-web TCP services include unencrypted sensitive information, your sensitive data is vulnerable to snooping.
Spectrum encrypts services running on TCP to prevent unencrypted data, such as user credentials, from falling into the wrong hands.
Spectrum integrates with Cloudflare’s IP Firewall, allowing you to block or challenge IP addresses or entire IP ranges from reaching your TCP services.
Spectrum gives control and flexibility with easy configuration on a per-application basis within the Cloudflare dashboard or API.
Configuration options for Spectrum include:
Domain or Subdomain
Origin IP / Port for Service
Edge Port Specification
IP Firewall (I/O)
PROXY Protocol (I/O)
Proxy non-HTTP/S TCP traffic through Cloudflare
Configurable on a per-application basis
Whitelist or blacklist IP addresses
Supports any proprietary TCP protocol
“Always On” Layer 3 and 4 DDoS Protection
Real-time application-specific analytics
Allow TLS passthrough traffic
Easy setup through dashboard UI or API
Supports multiple ports for an application's hostname
To start using Spectrum, you'll need to be subscribed to a Cloudflare Enterprise plan. By enabling Spectrum, you’ll receive encryption and unmetered mitigation of volumetric DDoS attacks for non-web TCP protocols and ports.