0

Our server is currently IPv4 only.

However we are using CloudFlare in front of it, and we would like to take advantage of the IPv6 compatibility it offers.

In the same time we have some applications on the server which are not aware of IPv6 (like vBulletin), and we don't want to introduce any unexpected behavior there.

We are also using mod_cloudflare to get the actual IPs of the client.

Questions / didn't try out the followings yet, want to make sure first:

From reading the CloudFlare documentation, I understood it would work like this after enabling IPv6 Compatibility:

  • CLIENT w/ IPv4 > CF > CF w/ IPv4 > SERVER w/ IPv4 > mod_cf > get CLIENT IPv4
  • CLIENT w/ IPv6 > CF > CF w/ IPv4 > SERVER w/ IPv4 > mod_cf > get CLIENT IPv6

The issue here is that we get an IPv6 address which might introduce errors in the IPv6-unaware apps.

Reading further on CloudFlare, I saw they have the Pseudo IPv4 with Overwrite headers:

  • CLIENT w/ IPv6 > CF > CF w/ IPv4 > SERVER w/ IPv4 > mod_cf > get CLIENT Pseudo IPv4

Would this be the correct approach to introduce IPv6 compatibility without breaking any existing applications on the server? Are there any drawbacks to this method?

References:

Chris Dev
  • 117
  • 6

1 Answers1

2

It is common for proxy services to provide IPv6 to IPv4 conversion There are a few optional headers which can contain IP addresses. If you aren't using them, then there should be no issue. If your software is IPv6 capable, and you just don't have a public IPv6 address, there is less likelihood of an issue.

The header most likely to have an IPv6 address is X-Forwarded-For. Cloudflare also injects a header indicating the address of the client as seen by their servers. Their option sanitizes both headers so applications that can't handle IPv6 addresses will see IPv4 addresses. You should have no issues with this option.

I would urge you to upgrade to IPv6 capability, even if you don't immediately get IPv6 addresses for your servers.

BillThor
  • 27,737
  • 3
  • 37
  • 69