Why does IPv6 take priority over IPv4 on "zone lockdown"

Just spent a lot of time figuring the issue here. I only set users up with IPv4 in the zone lockdown and it would not work until I set IPv6 so apparently that takes priority. But why doesn’t it factor in both?

At least update the help section to specify please.

Sorry not sure what the problem/ question is. Can you clarify?

1 Like

I think they were trying to use ‘zone lockdown’ to prevent access to only certain IPs, but were having issues because they were only inputting IPv4 addresses.

Browsers by default use IPv6 over IPv4 when available since it’s a newer protocol and the future of internet addressing. The only way to not allow IPv6 is to disable it via the Cloudflare API, which does present issues to people on IPv6 only networks [some emerging countries are IPv6 only since the cost of new IPv4 addresses is continuously rising].

If possible, for zone lockdown you should add the user’s IPv6 address to the allow list. Since IPv6 addresses end up being addressed per-device (and not NAT’d to all devices on a network), you might want to add the user’s /64:

Or better yet, use CF access since pinning access to an IP is not always good practice:

1 Like

Ah… I guess to also clarify. There is no correlation between a user’s IPv4 and IPv6 (or a way to know what a user’s IPv4 address is if they connect via IPv6). So if users have both, you’d want to block/allow both as needed.

Or that. :smiley:

2 Likes

That’s it, spot on, that helps, thanks Judge.

For other users knowledge, perhaps add this info to the help section as I’ve traditionally used IPv4 for most things and did not know about the priority and only 1 of the IP’s being visible. That helps.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.