Updated on 2024-04-25 GMT+08:00

Enabling WAF IPv6 Protection

You can enable IPv6 protection if needed. If IPv6 protection is enabled, WAF assigns an IPv6 access address to your domain name. WAF adds IPv6 address resolution to CNAME record sets by default. All IPv6 access requests are first forwarded to WAF. WAF detects and filters out malicious traffic and returns legitimate traffic to the origin server. This can keep origin servers secure, stable, and available.

  • If the origin server address of the protected website is an IPv6 address, IPv6 protection is enabled by default. WAF uses the IPv6 back-to-source address to establish a connection to the origin server.
    Figure 1 Only IPv6 addresses set for origin server addresses
  • If the origin server address of the protected website is set to an IPv4 address, after you manually enable IPv6 protection, WAF uses the NAT64 mechanism to translate the external IPv6 traffic to internal IPv4 traffic. NAT64 is a network address translation (NAT) mechanism that enables communications between IPv6 and IPv4 servers. WAF uses the IPv4 back-to-source address to establish a connection to the origin server.
    Figure 2 Only IPv4 addresses set for origin server addresses

Prerequisites

The website you want to protect has been added to WAF.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner and choose Security > Web Application Firewall.
  4. In the navigation pane, choose Website Settings.
  5. In the Protected Website column, click the domain name of the website to go to the basic information page.
  6. In the IPv6 Protection row, click . In the dialog box displayed, select Enable and click OK.