Enable IPv6 protection

After your website has been connected to WAF, you can enable IPv6 protection for it with one click. IPv6 protection defends websites against attacks launched in the IPv6 environment, and helps the origin server to implement security protection against IPv6 protocol requests.

Precondition

• A WAF instance has been subscribed. For more information, see Subscribe Web Application Firewall. -Enterprise Edition and above instance packages are available. For more information, see Edition and Function Description.
• Website access completed. For more information, see Add Domain Name.

Background Information

With the rapid popularization of the IPv6 protocol, new network environments and emerging fields are facing new security challenges. The IPv6 protection function of WAF can help you easily build a security protection system with global coverage.

After the IPv6 security protection function is enabled, the CNAME address automatically generated by WAF will be resolved in two ways. The resolution rules are as follows:

• Resolution requests initiated by IPv4 clients will be resolved to a protection cluster of IPv4 addresses.
• Resolution requests initiated by IPv6 clients will be resolved to a protection cluster of IPv6 addresses.

Two-way resolution implements threat detection and defense for IPv4 and IPv6 traffic, and forwards secure access traffic to the origin server; meanwhile, IPv6 traffic is automatically converted to IPv4 traffic and forwarded back to the origin server.

Operation Steps

​ 1. Log in to Web Application Firewall Console.

​ 2. In the navigation bar at left side, click Website Configuration.

​ 3. Find the domain name to be operated on the Website Configuration page, and turn on the IPv6 Status switch for it.