How do I stop IPV6?
I am seeing this in my apache logs
username.extremehosting.ca-ssl_log:2a06:98c0:3600::103 - - [21/Sep/2025:10:27:06 -0400] "GET /wp-admin/setup-config.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36
How? "ifconfig | grep inet6" returns nothing. Isn't 2a06:98c0:3600::103 an IP::port? What are these hits? "ping6 myserver.com" fails with "Name or service not known". because IPV6 is disable I thought. Can someone tell me what is happening?
-
Hey there! This isn't a name:port combination but that's just the reverse IPv6 address the server is detecting from the visitor. Just because IPv6 is disabled for *outbound* connections to your server doesn't mean machines using it can't connect to your machine.
Compare that to an IPv4 address from the same log and it should look similar.
0 -
But it doesn't look the same:
server.com-ssl_log:2a06:98c0:3600::103 - - [22/Sep/2025:10:32:35 -0400] "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36"
server.com-ssl_log-193.242.108.12 - - [22/Sep/2025:10:32:37 -0400] "POST /xmlrpc.php HTTP/1.1" 421 322 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36IP6 first then IP4 second. How can I stop all IP6 connections from coming in? I don't understand how that can happen if I have no adapter with IP6 bound to it. again, "ifconfig | grep inet6" returns nothing.
0 -
While I'm sure you can do this, it's not something I would recommend as you would lose access to a large amount of internet traffic that prioritizes IPv6 addresses. It's also not something we have a tool for in cPanel.
Is this causing a specific issue for you?
0 -
Just a thought: If the server doesn't have an IPv6 allocation, the connections shouldn't reach it.... However, if you are using something like Cloudflare which will then proxy IPv6 connections to IPv4 address and you have the relevant "real IP" module installed in Apache (it used to be called mod_cloudflare, but I think the name has changed since I last needed it), then the Apache logs will reflect the IP address given to Cloudflare - such as the IPv6 address.
Is this something that could be happening on your setup?
0 -
yes, that could be happening. I'm just concerned traffic can hit my server via IP6 bypassing my IP4 firewall. thats a security risk.
0 -
You can block IPv6 ports 80 & 443 in your firewall.
Although I don't understand how it is security risk if those are open.
0 -
If that is what is happening, then IPv6 traffic is NOT hitting your server. It is IPv4 traffic from CloudfFlare which just happens to have a Cloudflare injected CF-Connecting-IP header which your server is logging as the originating IP address (as the original user was using IPv6 until it hit Cloudflare, but then Cloudflare then fetched the data from your server using IPv4).
However, I would advice enabling IPv6 on the network level (if supported by your DC: most have done for years now) and getting and getting an IPv6 firewall (I haven't been aware of a non-IPv6 one for Linux for over two decades). Without Cloudflare in the mix, you would be missing a number of visitors (as, according to Google, 49.4% of all worldwide users use IPv6 as default and only fallback to IPv4 if not not supported).
0
Please sign in to leave a comment.
Comments
7 comments