# Configuration Guide

Use the quick references below to configure DDoS protection for your ZEC instances.

## DDoS Protection Policies

Configure cleaning policies for your EIPs, including rate limits, fingerprint rules, and geographic filtering.

**Console:** [DDoS Protection → Policies](https://console.zenlayer.com/zec/ddos/policy/create)

## EIP Threshold Adjustment

Review and adjust per-EIP thresholds for BPS, PPS, InCPS, and OutCPS.

**Console:** Navigate to the [Elastic IPv4](https://console.zenlayer.com/zec/elastic-ip) page, click the **⋯** menu in the Actions column, and select **Change Block Threshold**.

## Geographic Filtering

Block inbound traffic from specific countries.

**Console:** [DDoS Protection → Policies → Geo Rules](https://console.zenlayer.com/zec/ddos/policy/create)

## IP Allow/Block Lists

Add or remove source IPs from your allow list or block list.

**Console:** [DDoS Protection → Policies → IP Lists](https://console.zenlayer.com/zec/ddos/policy/create)

## Fingerprint Rules

Define custom payload-matching rules to block specific attack signatures.

**Console:** [DDoS Protection → Policies → Fingerprints](https://console.zenlayer.com/zec/ddos/policy/create)

## Blackhole Management

View active blackhole events and manually release a blackhole before expiration.

**Console:** [DDoS Protection → Events](https://console.zenlayer.com/zec/ddos/attack)

## Notification Settings

Configure email recipients and notification preferences for DDoS events.

**Console:** [Notification Settings](https://console.zenlayer.com/notification/)