Campus6

How to enable IPv6 on Apache 2?

Apache Portable Runtime (APR) supports IPv6 on all platforms where IPv6 supported, allowing Apache to allocate IPv6 sockets and handle requests which were sent over IPv6.

One complicating factor for Apache administrators is whether or not an IPv6 socket can handle both IPv4 connections and IPv6 connec tions. Handling IPv4 connections with an IPv6 socket uses IPv4-mapped IPv6 addresses, which are allowed by default on most platform s but are disallowed by default on FreeBSD (5.x and later only), NetBSD, and OpenBSD in order to match the system-wide policy on tho se platforms. But even on systems where it is disallowed by default, a special configure parameter can change this behavior for Apache.

If you want Apache to handle IPv4 and IPv6 connections with a minimum of sockets, which requires using IPv4-mapped IPv6 addresses, specify the --enable-v4-mapped configure option and use generic Listen directives like the following:

 Listen 80

With --enable-v4-mapped, the Listen directives in the default configuration file created by Apache will use this form. --enable-v4-mapped is the default on all platforms but FreeBSD, NetBSD, and OpenBSD, so this is probably how your Apache was built, however if you build Apache2 from Ports on FreeBSD, the port collection enables v4-mapped address support.

If you want Apache to handle IPv4 connections only, regardless of what your platform and APR will support, specify ONLY IPv4 address on all Listen directives, as in the following examples:

 Listen 0.0.0.0:80
 Listen 192.168.2.1:80

If you want Apache to handle IPv4 and IPv6 connections on separate sockets (i.e., to disable IPv4-mapped addresses), specify the --disable-v4-mapped configure option and use specific Listen directives like the following:

  Listen [::]:80
  Listen 0.0.0.0:80

With --disable-v4-mapped, the Listen directives in the default configuration file created by Apache will use this form. The --disable-v4-mapped is the default on FreeBSD, NetBSD, and OpenBSD.

Listen does not implement Virtual Hosts. It only tells the main server what addresses and ports to listen to. If <VirtualHost> directives are used, the server will behave the same for all accepted requests. However, <VirtualHost> can be used to specify a different behavior for one or more of the addresses and ports. To implement a VirtualHost, the server must first be told to listen to the address and port to be used. Then a <VirtualHost> section should be created for a specified address and port to set the behavior of this virtual host.

How to implement access control for IPv6?

You can implement access control as you get used to in IPv4, but you have to use the CIDR syntax.

 Order deny,allow
 Deny from all
 Allow from 2001:db8:0:1::/64

Campus6: Apache2Guide (last edited 2009-01-05 09:41:11 by mohacsi)