Cloudflare ipv6

O

Onlyme

Active member
Seems you can no longer disable ipv6 in the cloudflare panel does anyone know a work around to stop ipv6 on the xenforo side?
 
Not sure about a real work around because the ip address will still be ipv6 but will appear as ipv4 if you enable pseudo ipv4. You can replace ivp6 with ipv4 by setting the option pseudo ipv4 to either 'add header' or 'overwrite headers' (network > pseudo ipv4). It simply makes the ipv6 ip address (for people coming to your site through a VPN for example) an ipv4 address. I set mine to overwrite headers. It's a simple solution to allowing your visitors to always have a real ip address.

But as for a work around to actually stop ipv6, I'm not sure of a way.
 
Brad Padgett said:
Not sure about a real work around because the ip address will still be ipv6 but will appear as ipv4 if you enable pseudo ipv4. You can replace ivp6 with ipv4 by setting the option pseudo ipv4 to either 'add header' or 'overwrite headers' (network > pseudo ipv4). It simply makes the ipv6 ip address (for people coming to your site through a VPN for example) an ipv4 address. I set mine to overwrite headers. It's a simple solution to allowing your visitors to always have a real ip address.

But as for a work around to actually stop ipv6, I'm not sure of a way.
Click to expand...
I have it set to add header now but I'm still getting ipv6 on some users.

I tried overwrite headers but on an ip search it said private?
 
madness85 said:
I have it set to add header now but I'm still getting ipv6 on some users.

I tried overwrite headers but on an ip search it said private?
Click to expand...

It takes some time to update. And at least I believe that's what pseudo ipv4 does. All I know is I had users with ipv6 ip addresses coming in and I set it to pseudo ipv4 'overwrite headers' and I started to see them with ipv4 addresses instead.

But when I set mine, it took some time to update before I started seeing ipv4. So after a while you should start seeing ipv4 only.
 
Brad Padgett said:
It takes some time to update. And at least I believe that's what pseudo ipv4 does. All I know is I had users with ipv6 ip addresses coming in and I set it to pseudo ipv4 'overwrite headers' and I started to see them with ipv4 addresses instead.

But when I set mine, it took some time to update before I started seeing ipv4. So after a while you should start seeing ipv4 only.
Click to expand...
OK I will give it some time. Thank you very much for your reply :)
 
madness85 said:
@Brad Padgett I've added the overwrite headers and it has changed the ipv6 users to ipv4 but the Ips are private ips and not the user's ip. If you try do a search on http://whatismyipaddress.com/ it will say invalid.

Looks like I have no option but to have a mix of ipv4 and ipv6 :(
Click to expand...


Well still though the ip is assigned to the user. So if you ever need to ban someone that ip is still unique to the user. However I wish I knew a work around for it. Currently I'm fine with the way it is but good luck on finding a way. At least the user has a unique ip though.
 
Brad Padgett said:
Well still though the ip is assigned to the user. So if you ever need to ban someone that ip is still unique to the user. However I wish I knew a work around for it. Currently I'm fine with the way it is but good luck on finding a way. At least the user has a unique ip though.
Click to expand...
Ye I guess that's a positive.

Hopefully someone will have a solution :)
 
Any way to have a xenforo addon that does that instead and it's compatible with 1.4.x too?
I'd like to see all members ip addresses as IPv4 and not IPv6
 
Adrian D. said:
Any way to have a xenforo addon that does that instead and it's compatible with 1.4.x too?
I'd like to see all members ip addresses as IPv4 and not IPv6
Click to expand...
Not all IPv6 addresses can be converted to IPv4 addresses, so a plugin won't be able to do that conversion reliably.

Your best choice is to just disable IPv6 at the edge (Cloudflare) with the API.
 
Mind that if you disable IPv6 then you will leave yourself open to attacks from IPv6 addresses. We had to turn it back on because we had attacks from an IPv6 address and the only way to ban it was to re-enable IPv6.
 
Alfa1 said:
Mind that if you disable IPv6 then you will leave yourself open to attacks from IPv6 addresses. We had to turn it back on because we had attacks from an IPv6 address and the only way to ban it was to re-enable IPv6.
Click to expand...
Really? How can you be vulnerable to a protocol which you don't accept?

I didn't see anything about that in the Cloudflare documentation.
 
AFAIK if CloudFlare is rewriting the IPv6 address of an attacker to IPv4 then you will not be able to block the IP in the firewall without turning IPv6 back on. Thats the reason why we've had to re-enable the IPv6 headers to be passed to the server.
 
Oh, I would think that if they're re-writing IPv6 addresses as IPv4 before passing it along, your server would just see the new IPv4 address and your firewall would handle that the same as it would any other. Maybe I'm confused.
 
You must log in or register to reply here.

Similar threads

K
Fixed TypeError: array_merge(): Argument #1 must be of type array, bool given src/XF/Http/Reader.php:118
Replies
4
Views
1K
mattrogowski
mattrogowski
C
  • Question Question
reCAPTCHA replacement via CloudFlare
Replies
1
Views
342
digitalpoint
digitalpoint
nodle
Guest page caching
Replies
8
Views
686
digitalpoint
digitalpoint
K
  • Question Question
XF 2.2 DCom Admin CP Help
Replies
1
Views
188
kaii
K
AndrewSimm
XF 2.2 externalDataUrl and non-friendly, friendly, and Cloudflare R2
Replies
4
Views
447
AndrewSimm
AndrewSimm
Top Bottom