As with httpd in general, any IPv4-over-IPv6 mapped addresses are recorded in their IPv4 representation. Internal (Private) Addresses All internal addresses 10/8, 172.16/12, 192.168/16, 169.254/16 and 127/8 blocks (and IPv6 addresses outside of the public 2000::/3 block) are only evaluated by modremoteip when RemoteIPInternalProxy internal. I have this in my httpd.conf; Listen 2001:470:4:50d::2:80 Which, should tell Litespeed to listen on the IPv6 interface, but it doesn't bind at all, only IPv4. What else needs to be done to get Litespeed to listen on IPv6?
Contributed bymerdelyon from the ipv6-will-save-the-world dept.
Recently, Marc Balmer (mbalmer@) committed an update to OpenBSD's Apache implementation to enable IPv6:
Configure iptables to Allow Access to the Web Server Via IPv6 The default Ip6tables configuration does not allow inbound access to the HTTP (80) and HTTPS (443) ports used by the web server. This modification allows that access, while keeping other ports on the server in their default protected state.
Details about integrating IPv6 into httpd(8) from Marc below.
Marc explains how the IPv6 integration came about and what its impact was:
The IPv6 support for httpd originally comes from KAME. Todd Fries (todd@) had it lying around and provided me with it. I brushed it up a bit and installed in on several machines to make sure it works correctly.
IPv6 support for httpd changed the module ABI [Application Binary Interface], since IPv6 addresses take up more space in memory that IPv4 addresses. This meant that I had to check all modules that we have in base (KAME fixed some of them) and also in ports. I converted all modules to the new ABI and I hope that I did not forget one...
Also the webalizer port that we had did not support logfiles with IPv6 addresses in it, so we switched that to an extended version that supports IPv6 addresses.
He goes on to explain the impact of this update on IPv4 support and what users can expect:
IPv6 programs usually are programmed in an address family independent way, which means they will use IPv6 or IPv4 addresses. Often IPv6 is preferred over IPv4. Many programs have -4 and -6 command line switches to restrict them to the use of IPv4 or IPv6 addresses only.
With httpd we did it slightly different: The default behaviour is to use the IPv4 address family only. There is a command line switch to use IPv6 by default for ambiguous directives like 'BindAddress *', but by default httpd should just behave like it did before. We wanted to avoid the situation where httpd listens on IPv6 addresses after an update without the sysadmin being aware of it. That was also the main issue with all this: Introducing support for IPv6 without breaking IPv4.
So an IPv4 user can just go on as usual, an IPv6 user can use IPv6 addresses in the httpd.conf file where usually IPv4 addresses have been used.
A README.IPv6 has been created with more information.
A handful of standard modules included in base were updated: mod_proxy, mod_ssl, mod_access, mod_unique_id and mod_usertrack. In addition to the webalizer port, mod_perl, mod_security and mod_scgi were updated to handle the changes in httpd.
Httpd Ipv6 Download
Thank you to all of the developers that worked to bring IPv6 to OpenBSD's httpd. And thank you, Marc, for sharing the details.