Limitations
The following limitations apply to different protocols supported by Spectrum.
At the moment, HTTPS applications do not support HTTP/3.
At the moment, Cloudflare does not support packet fragmentation for UDP packets. If packets are fragmented, they will be dropped at Cloudflare’s edge.
Minecraft Java Edition is supported but Minecraft Bedrock Edition is not supported.
Universal SSL is not compatible with Cloudflare Spectrum. Use either an advanced certificate or a custom certificate instead.
When using Spectrum as an on-ramp and Magic WAN as an off-ramp the proxy protocol setting in Spectrum is not supported.
Integrating Spectrum with Cloudflare Tunnel is only supported for HTTP/HTTPS applications. This is because Spectrum must upstream the request through the Layer 7 CDN products to reach the Tunnel service.
To correctly route traffic from Spectrum through a Cloudflare Tunnel, you must:
- Configure your Spectrum application with the type set to HTTP or HTTPS.
- Point the Spectrum application's origin to a hostname that is already routing traffic through your Cloudflare Tunnel (for example, via a DNS record or Cloudflare Load Balancer).
Using a Spectrum application of any other type (for example, TCP) with a Cloudflare Tunnel origin is not supported. Pointing a Spectrum application's origin directly to your Tunnel's subdomain (<UUID>.cfargotunnel.com) is also not a valid configuration and will not work.
By default, Spectrum is configured to listen on all ports, which can raise concerns for security auditors. However, it is important to note that Spectrum will only proxy connections from edge ports that are specifically configured within Cloudflare.
When a TCP handshake is initiated to any port for a Spectrum IP, the handshake will always be completed. If there is a Spectrum application configured for the port, the connection will be proxied to origin. If no application is configured, the connection is immediately terminated and no origin connection will be opened.
Spectrum will only ever proxy traffic to an origin if there is a Spectrum application configured for that port.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers