Protection Configuration

EIP

  • API Reference
    • API function release records
    • API Service Domain Name
    • API Specifications
    • Appendix 1
    • Bandwidth Package Related Interfaces
      • Adjust the bandwidth of the bandwidth package
      • Create bandwidth package
      • Query bandwidth package details
      • Query bandwidth package list information of users
      • Release bandwidth package
      • Update the automatic release time of the bandwidth package
      • Update the name of the bandwidth package
    • DDoS Basic Protection Related Interfaces
      • Modify DDoS basic protection threshold
      • Query DDoS Basic Protection Attack Records
      • Query DDoS basic protection list
    • EIP Related Interfaces
      • Apply for EIP
      • Bind EIP
      • Disable EIP direct
      • EIP bandwidth scaling
      • EIP renewal has been enabled
      • Enable EIP direct
      • Query EIP list in bucket trash
      • Query EIP list
      • Release EIP
      • Release EIPs in the bucket trash
      • Renew EIP
      • Restore EIPs in the bucket trash
      • Selective release of EIP
      • Unbind EIP
      • Unsubscribe prepaid EIP
      • Update EIP Release Protection Switch
    • Error code
    • General Description
    • Inquiry Related
      • Bandwidth package price inquiry
      • EIP Inquiry
      • EIPGROUP Inquiry
      • Shared Traffic Package Inquiry
    • Interface Overview
    • Overview
    • Prerequisites for use
    • Shared Bandwidth Related Interfaces
      • Bandwidth scaling up for EIPGROUP
      • Create EIPGROUP
      • EIPGROUP IP count upgrade
      • EIPGROUP release
      • EIPGROUP renewal
      • EIPGROUP update
      • Migrate EIP from EIPGROUP
      • Migrate EIP into EIPGROUP
      • Query EIPGROUP details
      • Query the EIPGROUP list
      • Unsubscribe prepaid EIPGROUP
    • Shared Traffic Package Related Interfaces
      • Create a shared traffic package
      • Query shared traffic package details
      • Query shared traffic package list
    • TBSP Related Interfaces
      • Add Protection IP Allow List
      • Add Protocol Blocking
      • Add Region Blocking
      • Bind Protection Object
      • Close Protection IP Cleaning
      • Create TBSP
      • Delete Protection IP Allow List
      • Delete Protection Object
      • Delete Protocol Blocking
      • Delete Region Blocking
      • Modify Protection IP Cleaning Threshold
      • Modify Protection IP Protection Level
      • Open Protection IP Cleaning
      • Query Protection IP Allow List
      • Query Protection IP Cleaning Threshold List
      • Query Protocol Blocking List
      • Query Region Blocking List
      • Query TBSP Details
      • Query TBSP List
      • TBSP Capacity dilatation
      • TBSP renew
  • FAQs
    • Billing class
    • Configuration
    • Consultation
    • Security class
  • Function Release Records
  • Operation guide
    • Address pool
    • Bandwidth package
      • Bandwidth scale-up package
      • Cross-border acceleration package
    • Certification
    • DDoS standard protection
    • EIP Instance
      • Create instance
      • EIP Direct Connect
      • IPv6 Termination
      • Manage Alarms
      • Operation Instance
      • Shift Charge
      • View monitoring
    • EIP Self-Service Diagnostics
      • EIP Instance Diagnosis
    • EIPGROUP
      • Bind cloud resources
      • Manage Shared Bandwidth
      • Purchase Shared Bandwidth
      • View monitoring
    • High Defense EIP
    • Identity and access management
    • Recycle bin
    • Shared traffic package
      • Purchase Shared Traffic Package
      • View Shared Traffic Package
    • Tag Management
    • Traffic Burst Service Package
      • Instance management
      • Monitor alarm
      • Protection Configuration
    • Unblocking Center
  • Product Description
    • Application scenarios
    • Product advantages
    • Product Introduction
    • Usage restrictions
  • Product pricing
    • Bandwidth Package Billing
    • EIP Instance Billing
    • EIPGROUP Billing
    • Shared Traffic Package Billing
    • TBSP Billing
  • SDK
    • GO-SDK
      • DDoS Instance
      • EIP Instance
      • EipBp Instance
      • EIPGROUP Instance
      • EipTp Instance
      • Exception handling
      • Initialization
      • Install the SDK Package
      • Overview
    • Java-SDK
      • EIP Instance
      • EipBP Instance
      • EIPGROUP Instance
      • EipTp Instance
      • Exception handling
      • Initialization
      • Install the SDK Package
      • Overview
      • Version history
    • PHP-SDK
      • EIP Instance
      • EipBP Instance
      • EIPGROUP Instance
      • Exception handling
      • Initialization
      • Install the SDK Package
      • Overview
      • Version history
    • Python-SDK
      • EIP Instance
      • EipBP Instance
      • EIPGROUP Instance
      • EipTp Instance
      • Exception handling
      • Initialization
      • Install the SDK Package
      • Overview
      • Version history
  • Service Level Agreement (SLA)
    • EIP Service Level Agreement SLA
    • TBSP Service Level Agreement SLA
  • Typical Practices
    • Bring Your Own Overseas Public IP Address to the Cloud
    • IPv6 Public Network Access
    • Save Public Network Costs
    • TCP Port 25 Restriction Description
All documents
menu
No results found, please re-enter

EIP

  • API Reference
    • API function release records
    • API Service Domain Name
    • API Specifications
    • Appendix 1
    • Bandwidth Package Related Interfaces
      • Adjust the bandwidth of the bandwidth package
      • Create bandwidth package
      • Query bandwidth package details
      • Query bandwidth package list information of users
      • Release bandwidth package
      • Update the automatic release time of the bandwidth package
      • Update the name of the bandwidth package
    • DDoS Basic Protection Related Interfaces
      • Modify DDoS basic protection threshold
      • Query DDoS Basic Protection Attack Records
      • Query DDoS basic protection list
    • EIP Related Interfaces
      • Apply for EIP
      • Bind EIP
      • Disable EIP direct
      • EIP bandwidth scaling
      • EIP renewal has been enabled
      • Enable EIP direct
      • Query EIP list in bucket trash
      • Query EIP list
      • Release EIP
      • Release EIPs in the bucket trash
      • Renew EIP
      • Restore EIPs in the bucket trash
      • Selective release of EIP
      • Unbind EIP
      • Unsubscribe prepaid EIP
      • Update EIP Release Protection Switch
    • Error code
    • General Description
    • Inquiry Related
      • Bandwidth package price inquiry
      • EIP Inquiry
      • EIPGROUP Inquiry
      • Shared Traffic Package Inquiry
    • Interface Overview
    • Overview
    • Prerequisites for use
    • Shared Bandwidth Related Interfaces
      • Bandwidth scaling up for EIPGROUP
      • Create EIPGROUP
      • EIPGROUP IP count upgrade
      • EIPGROUP release
      • EIPGROUP renewal
      • EIPGROUP update
      • Migrate EIP from EIPGROUP
      • Migrate EIP into EIPGROUP
      • Query EIPGROUP details
      • Query the EIPGROUP list
      • Unsubscribe prepaid EIPGROUP
    • Shared Traffic Package Related Interfaces
      • Create a shared traffic package
      • Query shared traffic package details
      • Query shared traffic package list
    • TBSP Related Interfaces
      • Add Protection IP Allow List
      • Add Protocol Blocking
      • Add Region Blocking
      • Bind Protection Object
      • Close Protection IP Cleaning
      • Create TBSP
      • Delete Protection IP Allow List
      • Delete Protection Object
      • Delete Protocol Blocking
      • Delete Region Blocking
      • Modify Protection IP Cleaning Threshold
      • Modify Protection IP Protection Level
      • Open Protection IP Cleaning
      • Query Protection IP Allow List
      • Query Protection IP Cleaning Threshold List
      • Query Protocol Blocking List
      • Query Region Blocking List
      • Query TBSP Details
      • Query TBSP List
      • TBSP Capacity dilatation
      • TBSP renew
  • FAQs
    • Billing class
    • Configuration
    • Consultation
    • Security class
  • Function Release Records
  • Operation guide
    • Address pool
    • Bandwidth package
      • Bandwidth scale-up package
      • Cross-border acceleration package
    • Certification
    • DDoS standard protection
    • EIP Instance
      • Create instance
      • EIP Direct Connect
      • IPv6 Termination
      • Manage Alarms
      • Operation Instance
      • Shift Charge
      • View monitoring
    • EIP Self-Service Diagnostics
      • EIP Instance Diagnosis
    • EIPGROUP
      • Bind cloud resources
      • Manage Shared Bandwidth
      • Purchase Shared Bandwidth
      • View monitoring
    • High Defense EIP
    • Identity and access management
    • Recycle bin
    • Shared traffic package
      • Purchase Shared Traffic Package
      • View Shared Traffic Package
    • Tag Management
    • Traffic Burst Service Package
      • Instance management
      • Monitor alarm
      • Protection Configuration
    • Unblocking Center
  • Product Description
    • Application scenarios
    • Product advantages
    • Product Introduction
    • Usage restrictions
  • Product pricing
    • Bandwidth Package Billing
    • EIP Instance Billing
    • EIPGROUP Billing
    • Shared Traffic Package Billing
    • TBSP Billing
  • SDK
    • GO-SDK
      • DDoS Instance
      • EIP Instance
      • EipBp Instance
      • EIPGROUP Instance
      • EipTp Instance
      • Exception handling
      • Initialization
      • Install the SDK Package
      • Overview
    • Java-SDK
      • EIP Instance
      • EipBP Instance
      • EIPGROUP Instance
      • EipTp Instance
      • Exception handling
      • Initialization
      • Install the SDK Package
      • Overview
      • Version history
    • PHP-SDK
      • EIP Instance
      • EipBP Instance
      • EIPGROUP Instance
      • Exception handling
      • Initialization
      • Install the SDK Package
      • Overview
      • Version history
    • Python-SDK
      • EIP Instance
      • EipBP Instance
      • EIPGROUP Instance
      • EipTp Instance
      • Exception handling
      • Initialization
      • Install the SDK Package
      • Overview
      • Version history
  • Service Level Agreement (SLA)
    • EIP Service Level Agreement SLA
    • TBSP Service Level Agreement SLA
  • Typical Practices
    • Bring Your Own Overseas Public IP Address to the Cloud
    • IPv6 Public Network Access
    • Save Public Network Costs
    • TCP Port 25 Restriction Description
  • Document center
  • arrow
  • EIP
  • arrow
  • Operation guide
  • arrow
  • Traffic Burst Service Package
  • arrow
  • Protection Configuration
Table of contents on this page
  • Cleaning threshold
  • IP allow list
  • Region blocking
  • Protocol Blocking

Protection Configuration

Updated at:2025-10-16

Cleaning threshold

When the traffic on an EIP exceeds normal levels, TBSP works to mitigate attack traffic and ensure service availability. Users can customize cleaning thresholds based on their regular traffic levels.

  1. Sign in to the Management Console and select Product Services - Network - EIP.
  2. Navigate to TBSP in the left-hand menu to view the TBSP list.
  3. Select the instance name to view details, and then choose Protection Policy from the left menu to modify policies.
  4. Go to the Cleaning Threshold tab to view the configuration page.
  5. Click on Modify Threshold to open a dialog box.
  6. Fill in the following configuration information:
ConfigMap Description
Threshold configuration method Select the threshold setting method, with three options available:
  • By bandwidth upper limit: Set DDoS protection thresholds based on the purchased public IP bandwidth limit
  • Smart threshold: Automatically adjust the DDoS protection threshold based on actual service conditions of the user
  • Custom threshold: Independently configure DDoS protection thresholds
Cleaning trigger threshold Users can customize the cleaning thresholds for traffic bandwidth (Mbps) as well as messages per second (pps)
  1. After clicking OK, the cleaning threshold will be successfully updated.

image.png

Description:

  • The list allows configuring the ping-blocking switch. When turned on, ping packets are filtered, thereby reducing attack risks.
  • When you purchase TBSP, you are entitled to a daily quota of 4 unblock operations at no additional cost.

IP allow list

Set up an IP allow list to grant direct access to listed source IPs, bypassing protection filters.

  1. Sign in to the Management Console and select Product Services - Network - EIP.
  2. Navigate to TBSP in the left-hand menu to view the TBSP list.
  3. Select the instance name to view details, and then choose Protection Policy from the left menu to modify policies.
  4. Open the IP Allow List tab to manage its configuration.
  5. Select Add IP Allow List to display a pop-up window.
  6. Fill in the following configuration information:
ConfigMap Description
IP Select the IP to be protected
Allow list network segment Users can add IPs or network segments
  1. Click OK to finalize adding an entry to the IP allow list.

image.png

Region blocking

By adding the EIP to TBSP, you can configure region blocking to automatically discard cross-border traffic.

  1. Sign in to the Management Console and select Product Services - Network - EIP.
  2. Navigate to TBSP in the left-hand menu to view the TBSP list.
  3. Select the instance name to view details, and then choose Protection Policy from the left menu to modify policies.
  4. Go to the Region Blocking tab to manage its configuration.
  5. Select Add Region Blocking to open a dialog box.
  6. Fill in the following configuration information:
ConfigMap Description
Blocked region The blocked region is set to overseas areas by default, discarding cross-border service traffic
IP Select the IP to be protected
Set block duration Available time range: 30 minutes to 1 day. Block duration cannot be modified after configuration
  1. Click OK to complete the addition of the region block.

Description:

  • Each traffic burst package instance is allocated a default limit of 10 traffic block triggers every month.

image.png

Protocol Blocking

Users can set up ICMP blocks and TCP/UDP blocked ports for protected IPs. Once configured, any associated attack traffic requests will be blocked during link probes.

  1. Sign in to the Management Console and select Product Services - Network - EIP.
  2. Navigate to TBSP in the left-hand menu to view the TBSP list.
  3. Select the instance name to view details, and then choose Protection Policy from the left menu to modify policies.
  4. Go to the Protocol Blocking tab to access the protocol blocking configuration page.
  5. Select Add Region Blocking to open a dialog box.
  6. Fill in the following configuration information:
ConfigMap Description
IP Select the IP to be protected
ICMP block Disabled by default; it blocks ICMP protocol after being enabled
TCP port block Defaulted as disabled. When enabled, enter TCP ports to block TCP ports, with specific ports and port ranges supported, e.g., 80, 8080-9000
UDP port block Defaulted as disabled. When enabled, enter UDP ports to block UDP ports, with specific ports and port ranges supported, e.g., 80, 8080-9000
  1. Click OK to complete the process of adding the protocol block.

image.png

Previous
Monitor alarm
Next
Unblocking Center