EIP Blocked Rules
EIP Blocked Rules are available in every region and are always active. When traffic to or from an EIP crosses a configured threshold, the rules trigger automatically; no DDoS Protection is required. In regions without DDoS Protection, they are your primary inbound defense. In regions with DDoS Protection, they operate as a second layer after cleaning.
How It Works
Each EIP is assigned a set of traffic thresholds. The system continuously monitors traffic metrics and compares them against these thresholds. When any threshold is exceeded, the system takes protective action:
Inbound threshold breach (BPS, PPS, or InCPS): Traffic to the affected EIP is blackholed, dropping all inbound packets to prevent the attack from saturating your instance or impacting other tenants.
Outbound threshold breach (OutCPS): Internet connectivity for the affected EIP is restricted at the network interface level, preventing a potentially compromised instance from participating in outbound attacks.
Configurable Thresholds
Each EIP supports both system-default and custom thresholds. Custom thresholds allow you to fine-tune protection to match your specific workload characteristics.
To adjust thresholds for a specific EIP, navigate to the Elastic IPv4 page, find the target EIP, click the ⋯ menu in the Actions column, and select Change Block Threshold.
Blocking actions are temporary and automatically expire after a configurable duration (default: 2 hours), after which traffic is re-evaluated.
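The following added example (not the provider's code) models the behavior described above so you can replay your own baseline metrics and see which samples would trigger a block before choosing custom thresholds. The threshold values, metric key names, and the choice not to extend a block while it is already active are assumptions; only the metric names, the two actions, and the 2-hour default duration come from this page.

```python
from dataclasses import dataclass, field

# Constructed placeholder thresholds; the page does not publish default values.
DEFAULTS = {"bps": 1_000_000_000, "pps": 500_000, "in_cps": 50_000, "out_cps": 20_000}
INBOUND = ("bps", "pps", "in_cps")      # breach -> inbound traffic blackholed
OUTBOUND = ("out_cps",)                 # breach -> Internet access restricted
BLOCK_SECONDS = 2 * 60 * 60             # default block duration stated on the page


@dataclass
class EipModel:
    custom: dict = field(default_factory=dict)   # per-EIP custom thresholds
    duration: int = BLOCK_SECONDS
    blocks: dict = field(default_factory=dict)   # action -> expiry timestamp

    def threshold(self, metric):
        # A custom threshold overrides the system default for that metric.
        return self.custom.get(metric, DEFAULTS[metric])

    def observe(self, now, sample):
        """Feed one metrics sample; return the set of actions active at `now`."""
        # Expired blocks are dropped first, so traffic is re-evaluated below.
        self.blocks = {a: t for a, t in self.blocks.items() if t > now}
        for action, metrics in (("blackhole_inbound", INBOUND),
                                ("restrict_outbound", OUTBOUND)):
            breached = any(sample.get(m, 0) > self.threshold(m) for m in metrics)
            if breached and action not in self.blocks:
                self.blocks[action] = now + self.duration
        return set(self.blocks)


def replay(model, samples):
    """Replay (timestamp, sample) pairs and return the timeline of active actions."""
    return [(ts, sorted(model.observe(ts, s))) for ts, s in samples]


# Constructed traffic: a PPS spike at t=0, quiet at t=3600, quiet again after expiry,
# then an outbound connection burst.
SAMPLES = [
    (0,    {"bps": 2e8, "pps": 900_000, "in_cps": 100, "out_cps": 50}),
    (3600, {"bps": 1e8, "pps": 10_000, "in_cps": 100, "out_cps": 50}),
    (7200, {"bps": 1e8, "pps": 10_000, "in_cps": 100, "out_cps": 50}),
    (7300, {"bps": 1e8, "pps": 10_000, "in_cps": 100, "out_cps": 30_000}),
]

if __name__ == "__main__":
    for ts, actions in replay(EipModel(), SAMPLES):
        print(ts, actions)
```

In the replay, the inbound blackhole stays active at the one-hour mark even though traffic has returned to normal, which is the operational cost of a threshold set too close to legitimate peaks.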