If Anti-DDoS Basic blocks legitimate traffic by mistake, add the source IP to the Security Control whitelist to restore access.
Why legitimate IPs get blocked
In a NAT environment where LAN hosts share a public IP, if any host is compromised and attacks an ECS instance, Alibaba Cloud Security blocks the shared public IP. This blocks all hosts behind that IP, including legitimate ones.
Add the blocked IP to the Security Control whitelist to restore access.
Procedure
- Log on to the Alibaba Cloud Security Control console.
Note You can also hover your mouse on the account icon in the upper-right corner of the Alibaba Cloud console and click Security Control.
- Go to and click Add.
- Select an object type and enter a source IP outside your Alibaba Cloud account. Select object IPs from the left list (for example, an ECS public IP), click the right arrow to add them to the right list, and click OK. Traffic from the source IP to the selected object IPs is no longer restricted by Security Control.
Note To allow access from any IP, enter 0.0.0.0 in the Source IP field.