Help Center> Web Application Firewall> FAQs> About WAF> Configuring IPv6 Addresses> How Does WAF Forward Traffic to an IPv6 Origin Server?
Updated on 2023-08-28 GMT+08:00

How Does WAF Forward Traffic to an IPv6 Origin Server?

If the origin server address is an IPv6 address, WAF accesses the origin server over the IPv6 address. WAF adds IPv6 address resolution in CNAME record sets by default. IPv6 access requests are forwarded to WAF first. WAF detects and filters out malicious attack traffic, and returns normal traffic to the origin server to ensure that the origin server is secure, stable, and available.

WAF supports the IPv6/IPv4 dual stack mode and NAT64 mechanism. The details are as follows:

  • WAF can inspect requests that use both IPv4 and IPv6 addresses for the same domain name.
  • For web services that still use the IPv4 protocol stack, WAF supports the NAT64 mechanism. NAT64 is an IPv6 conversion mechanism that enables communication between the IPv6 and IPv4 hosts using network address translation (NAT). WAF can convert an IPv4 source site to an IPv6 website and converts external IPv6 access traffic to internal IPv4 traffic.

Configuring IPv6 Addresses FAQs