Web Application Firewall (WAF) can protect your websites against attacks launched by IPv6 clients.
Enable IPv6 traffic protection
After you enable IPv6 traffic protection, the CNAME record generated by WAF is resolved through two routes. The IPv4 requests are resolved to the protection cluster with an IPv4 address. The IPv6 requests are resolved to the protection cluster with an IPv6 address. This enables WAF to filter both IPv4 and IPv6 traffic and forward normal requests to the origin server. WAF converts IPv6 traffic to IPv4 traffic before forwarding it to the origin server.