How Does WAF Forward Traffic to an IPv6 Origin Server?
If the origin server address is an IPv6 address, WAF accesses the origin server over the IPv6 address. WAF adds IPv6 address resolution in CNAME record sets by default. IPv6 access requests are forwarded to WAF first. WAF detects and filters out malicious attack traffic, and returns normal traffic to the origin server to ensure that the origin server is secure, stable, and available.
WAF supports the IPv6/IPv4 dual stack mode and NAT64 mechanism. The details are as follows:
- WAF can inspect requests that use both IPv4 and IPv6 addresses for the same domain name.
- For web services that still use the IPv4 protocol stack, WAF uses the NAT64 mechanism to translate external IPv6 access traffic to internal IPv4 traffic. NAT64 is an IPv6 conversion mechanism that enables communication between IPv6 and IPv4 hosts using a form of network address translation (NAT).
- For regions that support IPv6 protection, see Functions.
Only the professional and platinum editions support IPv6 protection.
Configuring IPv6 Addresses FAQs
- Which WAF Editions in Which Regions Support IPv6 Protection?
- How Do I Check Whether the Origin Server IP Address Configured in WAF Is an IPv6 Address?
- Can I Configure the Origin Server Address to an IPv6 Address in WAF?
- How Does WAF Forward Traffic to an IPv6 Origin Server?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore
