Help Center/ Web Application Firewall/ FAQs/ IPv6 Protection/ How Does WAF Forward Traffic to an IPv6 Origin Server?
Updated on 2024-06-07 GMT+08:00

How Does WAF Forward Traffic to an IPv6 Origin Server?

If the origin server address is an IPv6 address, WAF accesses the origin server over the IPv6 address. WAF adds IPv6 address resolution in CNAME record sets by default. IPv6 access requests are forwarded to WAF first. WAF detects and filters out malicious attack traffic, and returns normal traffic to the origin server to ensure that the origin server is secure, stable, and available.

WAF supports the IPv6/IPv4 dual stack mode and NAT64 mechanism. The details are as follows:

  • WAF can inspect requests that use both IPv4 and IPv6 addresses for the same domain name.
  • For web services that still use the IPv4 protocol stack, WAF uses the NAT64 mechanism to translate external IPv6 access traffic to internal IPv4 traffic. NAT64 is an IPv6 conversion mechanism that enables communication between IPv6 and IPv4 hosts using a form of network address translation (NAT).
  • For regions that support IPv6 protection, see Functions.

Only the professional and platinum editions support IPv6 protection.