This topic describes how to manually deactivate blackhole filtering that is triggered for an IP address that is protected by Anti-DDoS Origin Enterprise.

Background information

Blackhole filtering can be automatically or manually deactivated.
  • Automatic deactivation: You can view the time period after which blackhole filtering is automatically deactivated on the Assets page of the Anti-DDoS Origin console. If the time period is acceptable, we recommend that you wait until blackhole filtering is automatically deactivated. For more information, see View the duration of blackhole filtering
  • Manual deactivation: If you want to deactivate blackhole filtering at the earliest opportunity, you can manually deactivate blackhole filtering. After you purchase an Anti-DDoS Origin Enterprise instance, you can deactivate blackhole filtering 100 times per month free of charge. In the validity period of your Anti-DDoS Origin Enterprise instance, the number of times to deactivate blackhole filtering is automatically reset to 100 at the beginning of each month.
    Note If the number of times in a month is not used up, the system clears the remaining times by the end of the month and does not add the times to the number in the next month.


  1. Log on to the Traffic Security console.
  2. In the left-side navigation pane, choose Network Security > Anti-DDoS Origin > Protected Objects.
  3. In the top navigation bar, select the resource group and region of your instance.
  4. On the Protected Objects page, select the required Anti-DDoS Origin Enterprise instance and find the protected IP address that is in the Blackholing state. Then, click Deactivate Black Hole in the Actions column.
  5. In the Deactivate Black Hole dialog box, view the remaining times that you can deactivate blackhole filtering and click OK.
    Note Blackhole filtering is a risk management policy used by the backend servers of Alibaba Cloud. If your request to deactivate blackhole filtering fails, your deactivation times for the day are not deducted.


If blackhole filtering is deactivated, the value in the Status column of the protected IP address is changed from Blackholing to Normal. If you fail to deactivate blackhole filtering, an error message appears. We recommend that you wait one minute and try again.