tencent cloud

Anti-DDoS

Release Notes and Announcements
Release Notes
Announcements
Product Introduction
Overview
Strengths
Use Cases
Concepts
Blocking Policies
Relevant Products
Comparison of Anti-DDoS Solutions
Purchase Guide
Billing Overview
Purchase Directions
Getting Started
Anti-DDoS Pro
Anti-DDoS Advanced
Operation Guide
Operation Overview
Protection Overview
Usage Limits
Asset Center
Business Connection
Smart Scheduling
Protection Configuration
Security Operations
Service Management
Practical Tutorial
Remote Protection Scheme with Anti-DDoS Pro
Using Anti-DDoS Pro Together with WFA
Suggestions on Stress Tests
Solutions to Real Server IP Exposure
Creating an Anti-DDoS EIP
Configuration Directions and Notes on CC Protection Policies
Syncing Forwarding Rules to New Anti-DDoS Advanced Instances
‌Smart Scheduling of CTCC/CUCC/CMCC Traffic
Troubleshooting
Business IPs Blocked Due to High-traffic Attacks
‌Business IPs Blocked When DDoS Attack Traffic Doesn't Reach the Threshold
How to Fix a 502 Bad Gateway Error
"No ICP filing" Prompted During Domain Name Connection
A public IP suffered DDoS attacks
API Documentation
History
Introduction
API Category
Making API Requests
Anti-DDoS Advanced Instance APIs
Resource List APIs
Protection Configuration APIs
Other APIs
Alarm Notification APIs
Connection Configuration APIs
Intelligent Scheduling APIs
Black hole unblocking APIs
Statistical Report APIs
Data Types
Error Codes
FAQs
Blocking
Attacks
Features
Billing
Service Level Agreement
Product Policy
Privacy Policy
Data Processing And Security Agreement
Glossary
Documentation Anti-DDoSTroubleshooting‌Business IPs Blocked When DDoS Attack Traffic Doesn't Reach the Threshold

‌Business IPs Blocked When DDoS Attack Traffic Doesn't Reach the Threshold

PDF
Focus Mode
Font Size
Last updated: 2024-07-01 11:40:46

Issue

The attack traffic did not reach the purchased blocking threshold, but the IP was blocked.

Possible causes

You have purchased Anti-DDoS Pro, and the total attack traffic at all network egresses has not reached the purchased threshold, but the IP was blocked. The calculation method is to compare the attack traffic at all network egresses with the purchased threshold.
1. There are two types of blocking based on the location of the blocked node.
TIX blocking: The IP is blocked by Tencent's egress gateway. The blocking threshold is adjustable.
ISP blocking: The IP is blocked by the ISP. The blocking threshold is basically fixed.
2. In case of ISP blocking, there are two ways of blocking.
Single-IP blocking: When an IP's traffic reaches the single-IP blocking threshold of a certain egress (set according to the egress bandwidth), it will be blocked.
Multi-IP blocking: When the total IDC traffic (attack traffic + business traffic) in a certain detection range exceeds the multi-IP blocking threshold, multi-IP blocking will be triggered.


Solutions

After the attack is over, you can perform manual unblocking or wait for auto unblocking.

Troubleshooting the Issue

1. Log in to the Anti-DDoS console and click Unblocking Service on the left sidebar to view the remaining number of times of manual unblocking.
If the remaining number of times of manual unblocking is 0, proceed to Step 5 or wait for auto unblocking.
Otherwise, proceed to Step 2.
Note:
For more information on the auto unblocking time, please see the Estimated unblocking time value on the Unblocking Service page in the console.

2. 
Check whether the attack has stopped by clicking Overview.

If yes, proceed to Step 3.
If no, continue the unblocking operation and perform Step 3 after the attack is over.
Note:
If the attack persists, you cannot perform unblocking, and you need to wait for the attack to end before manual unblocking or auto unblocking.
3. 
On the left sidebar, click Unblocking Service.

4. On the Unblocking Service page, find the protected IP in the Auto Unblocking status and click Unblock in the Operation column on the right.
5. 
The suggestions for users of different Anti-DDoS services are as follows:

If you use Anti-DDoS Basic, we recommend you purchase Anti-DDoS Pro (available in Guangzhou, Shanghai, and Beijing regions). Then, you can perform unblocking when binding devices for the first time.
If you use Anti-DDoS Pro or Advanced, we recommend you upgrade your protection package so as to increase the number of protected IPs or times of protection and perform unblocking earlier.

Previous Topic: Business IPs Blocked Due to High-traffic AttacksNext Topic: How to Fix a 502 Bad Gateway Error

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback