What is blocking?
Once the attack traffic exceeds the blocking threshold, Tencent Cloud will notify the related ISP to block the attacked IP from the Internet.
Note:
The blocking threshold of a protected IP of an Anti-DDoS instance is equal to the maximum protection capability in the related region.
Integrating the local cleansing capability, all-out protection aims to spare no effort to successfully defend against every DDoS attack.
In short, once the traffic attacking your IP exceeds the maximum protection capability Tencent Cloud supports in the current region, Tencent Cloud will block the IP from all public network access.
How do I unblock my IP?
IP blocking is a service Tencent Cloud purchases from ISPs with limitations on the number of times and the frequency of unblocking.
Note:
Only three chances of self-service unblocking are available for each Anti-DDoS Pro and Anti-DDoS Advanced user every day. The system resets the chance counter daily at midnight. Unused chances will not be carried forward to the next day.
Why is my IP blocked?
Tencent Cloud reduces cloud costs by sharing infrastructure, with one public IP shared among all users. When a high-traffic attack occurs, the entire Tencent Cloud network may be affected, not only the attack targets.
To protect other users and ensure network stability, we have to block the target IP.
Blocking duration
An attacked IP is blocked for two hours by default. The actual duration can be up to 24 hours depending on how many times the IP is blocked and how high the peak attack bandwidth is. The blocking duration is mainly affected by the following factors:
Continuity of the attack: The blocking duration will extend if an attack continues. Once the duration extends, a new blocking cycle will start.
Frequency of the attack: Users who are frequently attacked are more likely to be attacked continuously. In such a case, the blocking duration extends automatically.
Traffic volume of the attack: The blocking duration extends automatically in case of an ultra-large volume of attack traffic.
Note:
For IPs that are blocked frequently, Tencent Cloud reserves the right to extend the blocking duration and lower the blocking threshold.
Why can't my IP be unblocked immediately?
A DDoS attack usually does not stop immediately after the target IP is blocked and the attack duration varies. Tencent Cloud security team sets the default blocking duration based on big data analysis.
Since IP blocking takes effect in ISPs' networks, Tencent Cloud is unable to monitor whether the attack traffic has stopped after the attacked public IP is blocked. If the IP is recovered but the attack is still going on, the IP will be blocked again. During the gap between the IP being recovered and blocked again, Tencent Cloud's basic network will be exposed to the attack traffic, which may affect other Tencent Cloud users. In addition, IP blocking is a service Tencent Cloud purchases from ISPs with limitations on the number of times and the frequency of unblocking.