hstspreload.org icon indicating copy to clipboard operation
hstspreload.org copied to clipboard

Published 20 hours ago verified publisher icon chromium

Cannot add an IPv6-only site

Open oskar456 opened this issue 8 years ago • 13 comments

I'd like to add the site https://neběží.xyz (https://xn--neb-tma3u8u.xyz) to the HSTS preload list. This site is intentionally accessible only over IPv6.

When I submit the preload request via https://hstspreload.appspot.com/?domain=neb%C4%9B%C5%BE%C3%AD.xyz I get this error response:

Error: Cannot connect using TLS We cannot connect to https://xn--neb-tma3u8u.xyz using TLS ("Get https://xn--neb-tma3u8u.xyz: dial tcp [2001:1528:132:70::ebe2]:443: connect: network is unreachable").

oskar456 avatar Jun 05 '16 08:06 oskar456

I can't reproduce this using a local copy of the submission server locally, so I'm guessing this is a Google Cloud limitation.

Here is the output of hstspreload +d "xn--neb-tma3u8u.xyz"

Checking domain xn--neb-tma3u8u.xyz for preload requirements... Observed header: max-age=31536000; includeSubDomains; preload

Warning:

  1. Unnecessary HSTS header over HTTP [redirects.http.useless_header] The HTTP page at http://xn--neb-tma3u8u.xyz sends an HSTS header. This has no effect over HTTP, and should be removed.

Would you mind fixing the warning and then emailing me at the hstspreload contact address? I'm happy to add you manually.

lgarron avatar Jun 06 '16 22:06 lgarron

(xn--neb-tma3u8u.xyz is will be added with Chrome 53.)

lgarron avatar Jun 08 '16 19:06 lgarron

Reopening this because we still can't scan IPv6-only sites on Google Cloud.

lgarron avatar May 02 '17 22:05 lgarron

I've filed a Google-internal bug about this (b/38325009).

lgarron avatar May 16 '17 01:05 lgarron

i had such problem do Not use VPN it will be fixed اجاره خودرو

myehrajat avatar Mar 15 '18 09:03 myehrajat

I have the same problem with two domains. This needs to get fixed but i will email @Igarron for manual addition.

Gunni avatar Mar 26 '18 04:03 Gunni

Any updates on this?

dt-flo avatar Mar 02 '21 17:03 dt-flo

The problem is still not solved. IPv6 should at least be supported as well as IPv4 nowadays.

jakob11git avatar Jan 08 '23 03:01 jakob11git

still not fixed, any updates?

masterflitzer avatar Feb 06 '23 20:02 masterflitzer

I can't help debug this, since I don't have access to the Google Cloud project. @nharper, would you be able to configure something like this? https://cloud.google.com/compute/docs/ip-addresses/configure-ipv6-address

lgarron avatar Feb 07 '23 03:02 lgarron

It looks like those instructions apply only to GCE resources, and don't apply to app engine flex (I can't configure GAE flex VMs). The internal bug is still open for tracking this issue, and now that GCE supports dual-stack, that should help that bug make progress.

nharper avatar Mar 02 '23 23:03 nharper

This is still an issue. I'm unable to check the preload status of my own IPv6-only site (yartys.no) at hstspreload.org.

huaracheguarache avatar Jul 24 '23 19:07 huaracheguarache

I have same problem with my IPv6 only https://ipv6kungen.se. I have made some more sites IPv6-only but they are preloaded already, what happes with them then? I fixed ipv6kungen.se by added an A RR and removed it after. :)

tobbe-eklov avatar Apr 11 '24 11:04 tobbe-eklov