diff --git a/plugins/op_waf/t/index.py b/plugins/op_waf/t/index.py
index 3992caa5f..9cc22c080 100644
--- a/plugins/op_waf/t/index.py
+++ b/plugins/op_waf/t/index.py
@@ -188,8 +188,8 @@ def test_start():
     # test_POST()
     # test_scan()
     # test_CC()
-    test_url_ext()
-    # test_cdn()
+    # test_url_ext()
+    test_cdn()
 
 
 if __name__ == "__main__":
diff --git a/plugins/op_waf/waf/lua/init.lua b/plugins/op_waf/waf/lua/init.lua
index 04754edc6..06b590782 100644
--- a/plugins/op_waf/waf/lua/init.lua
+++ b/plugins/op_waf/waf/lua/init.lua
@@ -18,6 +18,7 @@ local user_agent_html = C:read_file_body(config["reqfile_path"] .. '/' .. config
 local args_rules = C:read_file_table('args')
 local ip_white_rules = C:read_file('ip_white')
 local ip_black_rules = C:read_file('ip_black')
+local ipv6_black_rules = C:read_file('ipv6_black')
 local scan_black_rules = C:read_file('scan_black')
 local user_agent_rules = C:read_file('user_agent')
 local post_rules = C:read_file('post')
@@ -160,6 +161,8 @@ function waf_ip_white()
 end
 
 function waf_ip_black()
+    
+    -- ipv4 ip black
     for _,rule in ipairs(ip_black_rules)
     do
         if C:compare_ip(rule) then 
@@ -167,6 +170,15 @@ function waf_ip_black()
             return true 
         end
     end
+
+    -- ipv6 ip black
+    for _,rule in ipairs(ipv6_black_rules)
+    do
+        if rule == params['ip'] then 
+            ngx.exit(config['cc']['status'])
+            return true 
+        end
+    end
     return false
 end
 
diff --git a/plugins/op_waf/waf/rule/ipv6_black.json b/plugins/op_waf/waf/rule/ipv6_black.json
index 0637a088a..d2b0f2fa1 100755
--- a/plugins/op_waf/waf/rule/ipv6_black.json
+++ b/plugins/op_waf/waf/rule/ipv6_black.json
@@ -1 +1 @@
-[]
\ No newline at end of file
+["2409:8a62:e20:95f0:45b7:233e:f003:c0ab"]
\ No newline at end of file