Appearance
IPv6 Parity for Web Uploads
Validate that policy enforcement and audit semantics for web uploads apply consistently over IPv4 and IPv6 paths. The purpose is to prove deny‑by‑default holds regardless of IP version.
Objectives
- Deny unauthorized uploads over IPv6 with the same behavior and audit fields as IPv4.
- Ensure proxy enforcement does not regress on IPv6 paths.
Preconditions
- Proxy‑only egress with pinning enabled.
- Dual‑stack test endpoints available (IPv4 and IPv6).
Suite
| ID | Canonical IDs | Flow | Procedure | Expected Outcome |
|---|---|---|---|---|
| INTEG-IPV6-PARITY-01 | NET-EGRESS-05, NET-EGRESS-06, DM-WEB-02 | IPv6 Parity for Web Uploads | 1) Attempt browser upload over IPv4. 2) Repeat over IPv6. | Both attempts are denied under default‑deny; audit shows action: "deny", proxyEnforced: true, and consistent fields across IP versions (e.g., ipVersion). |
Evidence Requirements
networkevents:action,proxyEnforced,ipVersion,alpn/protocolas applicable,integrity.hash.dataMotionweb/upload events:action,outcome,rule.id,integrity.hash.
