IPv6/IPv4 restrictions to the particular subdomains


To test the customers’ connectivity using IPv4 and IPv6 stacks, I configured three subdomain names:


test-v4.example.com has only A record. Requests to this endpoint should be made only via the IPv4 stack.
test-v6.example.com has only AAAA record. Requests to this endpoint should be made only via the IPv6 stack.
test-v46.example.com has A and AAAA records. There are no IP stack restrictions.

Currently, to keep the desired mechanics and to protect at least test-v4.example.com by Cloudflare:

  • turned off the “IPv6 Compatibility”
  • enabled Proxy for test-v4.example.com
  • keep test-v46.example.com and test-v6.example.com unprotected.

How can I protect all the subdomains with Cloudflare (or smth else) while keeping the desired mechanics?
The primary use case is to protect the infra from UDP DDoS attacks.


Using a Cloudflare full setup for a domain, you can only disable IPv6 for the whole zone, not a subdomain.

For IPv4 and IPv6 address detection via Cloudflare I make a request to one domain that has both IPv4 and IPv6 and if the result is an IPv6 address, I make a second request to a different domain that has IPv6 disabled.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.