A server may encounter a distributed denial of service (DDoS) attack. After a black hole is triggered due to the attack, access from clients to the public IP address of the server is blocked for a period of time. The access is unblocked after the duration of the black hole expires. The default black hole duration for an asset changes based on the region where the asset resides. You can view the duration of a black hole for an asset in the Anti-DDoS Basic console.

Background information

The default duration of a black hole is 2.5 hours and you cannot disable the black hole during the period. In practical scenarios, the black hole duration depends on the attack situation and may range from 30 minutes to 24 hours. The duration of a black hole changes based on the following factors:
  • The duration of attacks. If attacks continue, the black hole duration is extended.
  • The frequency of attacks. If an asset experiences attacks for the first time, the black hole duration automatically decreases. Otherwise, assets that experience frequent attacks have a high probability to encounter continuous attacks. In such cases, the black hole duration is automatically extended.

You can refer to the Anti-DDoS Pro console for more details about the black hole triggering threshold and black hole duration.

  • If excessive breaches of the black hole threshold occur on an asset, Alibaba Cloud reserves the right to extend the black hole duration and decrease the black hole threshold for the asset.
  • Blackhole filtering is a service that Internet service providers (ISPs) provide for Alibaba Cloud. Specific black hole triggering thresholds are predefined by ISPs. In most cases, the duration of a black hole is greater than or equal to 30 minutes. The duration of each black hole for an account changes based on the security credits of the account.

For more information about black hole policies that Alibaba Cloud provides, see Alibaba Cloud black hole policies.


  1. Log on to the Alibaba Cloud Anti-DDoS Basic console.
  2. On the top of the Assets page, select a region.
  3. On the top of the Assets page, view DDoS Attack Protection Information.
    The duration after Blackholing Disabled At in the DDoS Attack Protection Information section refers to the black hole duration for an asset in the specified region.Black hole duration