No, cloudflare should be protecting whole domains therefore IPs and their ports I think, due to one of cloudflare's requirements being themselves as the nameserver (so they can block it easily by not resolving the queries at all). Although, you might be right and it is port-specific to 80 and not the rest but that would be just a disastrous call from their end as a service, right? Ports are just subsets of a domain/IP. However, cloudflare is not free, there are multiple (payed) tiers of their service. Also, the front-end went down as well as you said, so not sure what really happened there or whether MPH had cloudflare at all in the first place when the attack happened.