If only basic DDoS mitigation capability is provided for a cloud service, you cannot manually deactivate blackhole filtering that is triggered for the cloud service. You can only wait for the blackhole filtering to be automatically deactivated. This topic describes how to view the period of time that must elapse before blackhole filtering for a cloud service is automatically deactivated.
Blackhole filtering deactivation policy
By default, Alibaba Cloud automatically deactivates blackhole filtering 2.5 hours after the DDoS attacks stop. In actual scenarios, Alibaba Cloud automatically deactivates blackhole filtering 30 minutes to 24 hours after the DDoS attacks stop. The period of time varies based on the frequency at which your asset is attacked. In rare cases, the period of time exceeds 24 hours. The blackhole filtering duration changes based on the following factors:
The duration of attacks. If attacks continue for a long time, the duration of blackhole filtering is extended.
The frequency of attacks. If an asset experiences attacks for the first time, the duration of blackhole filtering automatically decreases. If an asset experiences frequent attacks, the asset has a high probability to encounter continuous attacks, and the duration of blackhole filtering is automatically extended.
If blackhole filtering is frequently triggered for an asset, Alibaba Cloud reserves the right to further extend the duration of blackhole filtering and lower the threshold to trigger blackhole filtering for the asset. You can view the actual duration and threshold of blackhole filtering in the console.
Procedure
Log on to the Traffic Security console.
In the left-side navigation pane, click Assets.
In the top navigation bar, select the region in which your asset resides.
On the Assets page, view the protection descriptions in the Description of DDoS Attack Mitigation section.
The time that follows Blackholing Disabled At in the Description of DDoS Attack Mitigation section indicates the duration of blackhole filtering for assets in the current region.
NoteIf an asset receives multiple DDoS attacks, the duration of blackhole filtering is calculated after the last DDoS attack stops.
References
If only basic DDoS mitigation capability is provided for a cloud service and blackhole filtering is triggered, you must wait for the automatic deactivation of blackhole filtering. We recommend that you use an Anti-DDoS paid edition that supports both automatic and manual deactivation of blackhole filtering. For more information, see Deactivate blackhole filtering (Anti-DDoS Origin paid editions) and Deactivate blackhole filtering (Anti-DDoS Pro and Anti-DDoS Premium).
If key files exist in an Elastic Compute Service (ECS) instance on which blackhole filtering is triggered, you can transfer the files to another normal ECS instance or modify configuration files on this ECS instance. For more information, see Connect to an ECS instance for which blackhole filtering is triggered.