Skip to content

IPv6 Parity for Web Uploads

Validate that policy enforcement and audit semantics for web uploads apply consistently over IPv4 and IPv6 paths. The purpose is to prove deny‑by‑default holds regardless of IP version.

Objectives

  • Deny unauthorized uploads over IPv6 with the same behavior and audit fields as IPv4.
  • Ensure proxy enforcement does not regress on IPv6 paths.

Preconditions

  • Proxy‑only egress with pinning enabled.
  • Dual‑stack test endpoints available (IPv4 and IPv6).

Suite

IDCanonical IDsFlowProcedureExpected Outcome
INTEG-IPV6-PARITY-01NET-EGRESS-05, NET-EGRESS-06, DM-WEB-02IPv6 Parity for Web Uploads1) Attempt browser upload over IPv4. 2) Repeat over IPv6.Both attempts are denied under default‑deny; audit shows action: "deny", proxyEnforced: true, and consistent fields across IP versions (e.g., ipVersion).

Evidence Requirements

  • network events: action, proxyEnforced, ipVersion, alpn/protocol as applicable, integrity.hash.
  • dataMotion web/upload events: action, outcome, rule.id, integrity.hash.