http://localhost/ is not accessible if "Block IPv6 Traffic" option is enabled for WSS Agent and user accessing TCP 80

Article ID: 218362

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

http://localhost/ is not accessible if the "Block IPv6 Traffic" option is enabled for WSS Agent.

This typically only happens with applications listening on TCP port 80/443/8080/8443 on the loopback interface.

Users report a "site cannot be reached" error.

The loopback interface can be pinged without issues.

Environment

WSS agent on Windows

Application listening on loopback interface and referenced via 'localhost'

Application listens on TCP port that WSS intercepts (80/443/8080/8443)

Cause

The 'localhost' host is not resolved via DNS, but via the hosts file.

If DNS were used to resolve the IP address and the block IPv6 configuration option were enabled, WSS could strip the AAAA DNS responses and send back the IPv4 address only.

Windows 10 has an IPv6 and an IPv4 entry for localhost within the hosts file.

How applications resolve 'localhost' is not consistent: ping returned the IPv4 address, but the IE / Chrome browsers that were used returned an IPv6 address, which the agent blocked.

Resolution

A number of options exist including:

- use 127.0.0.1 instead of localhost in the application or browser (PREFERRED), or

- remove ::1 from the hosts file, or

- disable IPv6 on the host

 

Make sure that the latest WSS Agent code is running (7.5.1+) as it also has fixes for localhost issues on the agent side.

Additional Information

PCAP confirmed that localhost TCP 80 connections were going to ::1 and not 127.0.0.1

netstat -an shows App listening on TCP 80 for IPv4 and IPv6 IP addresses

The Chrome netexport tool is very useful for verifying whether the 'localhost' sockets are using IPv6 or IPv4 - https://www.chromium.org/for-testers/providing-network-details/. Make sure that the localhost queries use IPv4.
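A quick check of the same thing from the affected host, without a packet capture (an added example, not part of the original article or the WSS Agent): it lists the active hosts-file mappings for localhost and flags the case where the first address a client receives is IPv6 on an intercepted port. The hosts sample, port 5000 and the "first address wins" model are assumptions made for illustration.

```python
import ipaddress
import socket

# Ports the article says the WSS Agent intercepts.
INTERCEPTED_PORTS = {80, 443, 8080, 8443}

# Constructed sample hosts file matching the article's description.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
::1          localhost
# ::1        localhost   (commented-out lines are ignored)
"""

def hosts_entries(text, name="localhost"):
    """Addresses that active (uncommented) hosts-file lines map to `name`."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or name.lower() not in [f.lower() for f in fields[1:]]:
            continue
        try:
            found.append(ipaddress.ip_address(fields[0]))
        except ValueError:
            pass  # malformed address column: skip the line
    return found

def resolve_order(name="localhost", port=80):
    """Addresses in the order this host's resolver returns them to a client."""
    infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
    return [ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos]

def assess(addresses, port, block_ipv6=True):
    """Simplified model (assumption): the client connects to the first address."""
    if not addresses:
        return "unresolved"
    if addresses[0].version == 6 and block_ipv6 and port in INTERCEPTED_PORTS:
        return "at-risk"  # IPv6 loopback on an intercepted port
    return "ok"

if __name__ == "__main__":
    print("hosts sample:", [str(a) for a in hosts_entries(SAMPLE_HOSTS)])
    for port in (80, 5000):  # 5000 is a constructed non-intercepted port
        order = resolve_order("localhost", port)
        print(port, [str(a) for a in order], assess(order, port))
```

On a host where the output for port 80 starts with ::1 and reads "at-risk", the resolution options above apply.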