Web Application Firewall (WAF) can protect your websites against attacks launched by IPv6 clients.

The increasing popularity of IPv6 has brought new security risks to network environments. WAF provides IPv6 traffic protection to help you build a comprehensive security system.
Note Only Business and Enterprise edition WAF instances in mainland China support this feature.

Enable IPv6 traffic protection

Notice Before you enable IPv6 traffic protection for a website, you must configure the security software on the origin server to allow traffic from the following back-to-origin CIDR blocks:
  • 39.96.158.0/24
  • 47.110.182.0/24
  • 120.77.139.0/25
  • 47.102.187.0/25
To enable IPv6 traffic protection for a domain, go to the Website Configuration page in the WAF console, find the target domain, and click the toggle in the IP V6 Status column.
Note For more information about how to add a domain to WAF, see Configure DNS settings.
ipv6 status

After you enable IPv6 traffic protection, the CNAME record generated by WAF is resolved through two routes. The IPv4 requests are resolved to the protection cluster with an IPv4 address. The IPv6 requests are resolved to the protection cluster with an IPv6 address. This enables WAF to filter both IPv4 and IPv6 traffic and forward normal requests to the origin server. WAF converts IPv6 traffic to IPv4 traffic before forwarding it to the origin server.