Updated on 2024-11-19 GMT+08:00

Enabling WAF IPv6 Protection

You can enable IPv6 protection if needed. If IPv6 protection is enabled, WAF assigns an IPv6 access address to your domain name. WAF adds IPv6 address resolution to CNAME record sets by default. All IPv6 access requests are first forwarded to WAF. WAF detects and filters out malicious traffic and returns legitimate traffic to the origin server. This can keep origin servers secure, stable, and available.

  • If the origin server address of the protected website is an IPv6 address, IPv6 protection is enabled by default. WAF uses the IPv6 back-to-source address to establish a connection to the origin server.
    Figure 1 Only IPv6 addresses set for origin server addresses
  • If the origin server address of the protected website is set to an IPv4 address, after you manually enable IPv6 protection, WAF uses the NAT64 mechanism to translate the external IPv6 traffic to internal IPv4 traffic. NAT64 is a network address translation (NAT) mechanism that enables communications between IPv6 and IPv4 servers. WAF uses the IPv4 back-to-source address to establish a connection to the origin server.
    Figure 2 Only IPv4 addresses set for origin server addresses

Constraints

  • You have selected Cloud Mode - CNAME for your website deployment.
  • Only the professional and platinum editions support IPv6 protection.
  • For details about the regions that support IPv6 protection, see Features.
  • If the origin server uses IPv6 addresses, IPv6 protection is enabled by default. To prevent IPv6 service from interruption, keep the IPv6 protection enabled. If IPv6 protection is not needed, edit the server configuration and delete IPv6 configuration from the origin server first. For details, see Editing Server Information.

Enabling WAF IPv6 Protection

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner and choose Web Application Firewall under Security & Compliance.
  4. In the navigation pane, choose Website Settings.
  5. In the Domain Name column, click the domain name of the website to go to the basic information page.
  6. In the IPv6 Protection row, click . In the dialog box displayed, select Enable and click OK.