HAProxy bouncer and ipv6

The Haproxy bouncer page (HAProxy | CrowdSec) says “Works with IPv4/IPv6”.

But the stick-table is ipv4 only:
stick-table type ip size 10k expire 30m # declare a stick table to cache captcha verifications

So it cannot work with ipv6 addresses?

This is not really a crowdsec thing, but more a haproxy thing. Short answer: It is possible, if you use ipv6 stick tables.

stick-table type ipv6 size 10k expire 30m # declare a stick table to cache captcha verifications

Although it says here:

  • ipv6 (IPv6 address only)

From what I understand, ipv4 addresses will be mapped to ipv6 in that case:

src : ip
This is the source IPv4 address of the client of the session. It is of type
IP and works on both IPv4 and IPv6 tables. On IPv6 tables, IPv4 addresses are
mapped to their IPv6 equivalent, according to RFC 4291.

Relevant information can be found here:

Although not relevant directly to your question, I’d like to mention that the old haproxy plugin will be replaced with a new plugin in the future: GitHub - crowdsecurity/cs-haproxy-spoa-bouncer: EXPERIMENTAL: HAProxy spoe filter for CrowdSec - WAF and IP protection

Leo

Thank you for the suggestion to use a stick-table of ipv6 type. However, I tried this a couple of days ago but it didn’t work. An ipv4 address which was added to the table had no effect. A captcha was issued for every http request I did anyway. I guess the Crowdsec bouncer cannot match an ipv6 address containing an ipv4 address to an ipv4 address correctly. But maybe the bouncer would have worked with normal ipv6 addresses with the ipv6 stick-table? I did not try that.

I didn’t know there’s a new Haproxy plugin in the works. That sounds promising! Looking forward to testing it when there’s a stable release. Meanwhile I’m happy to use the old plugin, since it works fine with ipv4 and the correct version of Haproxy. That takes care of most of the bad bots 🙂

Now I have tested with an ipv6 stick-table and a client computer with an ipv6 address: it works! So in conclusion, ipv4 addresses work fine with an ipv4 table and ipv6 addresses work fine with an ipv6 table. But a mix with ipv4 client addresses and an ipv6 table does not work.
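
The RFC 4291 mapping quoted from the HAProxy documentation above, and the IPv4-versus-IPv6-table mismatch reported in the thread, shown as an added example that is not part of the thread and not the CrowdSec bouncer's code. The function names and sample addresses are assumptions constructed for illustration; the block shows why a plain string comparison of an IPv4 client address against an ipv6-table key fails, and how normalizing both sides before comparing avoids that.

```python
import ipaddress

def to_ipv6_table_key(addr: str) -> ipaddress.IPv6Address:
    """Key form for an 'ipv6' table: IPv4 becomes ::ffff:a.b.c.d (RFC 4291)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        # IPv4-mapped IPv6: 80 zero bits, 16 one bits, then the 32-bit IPv4 address.
        return ipaddress.IPv6Address((0xFFFF << 32) | int(ip))
    return ip

def canonical(addr: str):
    """Collapse an IPv4-mapped IPv6 address back to IPv4; leave others unchanged."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def naive_match(client: str, entries) -> bool:
    """String comparison: '192.0.2.10' never equals '::ffff:192.0.2.10'."""
    return client in entries

def normalized_match(client: str, entries) -> bool:
    """Compare parsed, canonical addresses instead of their text forms."""
    wanted = canonical(client)
    return any(canonical(entry) == wanted for entry in entries)

# Constructed sample: keys as they could appear in an ipv6-typed table
# (documentation address ranges from RFC 5737 and RFC 3849).
SAMPLE_ENTRIES = ["::ffff:192.0.2.10", "2001:db8::1"]

if __name__ == "__main__":
    for client in ("192.0.2.10", "2001:db8:0:0:0:0:0:1", "192.0.2.11"):
        print(client,
              "naive:", naive_match(client, SAMPLE_ENTRIES),
              "normalized:", normalized_match(client, SAMPLE_ENTRIES))
```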