> For the complete documentation index, see [llms.txt](https://docs.console.zenlayer.com/welcome/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.console.zenlayer.com/welcome/elastic-compute/ddos-protection/08-best-practices.md). # Best Practices ## Deploy in DDoS-protected regions when possible For workloads sensitive to DDoS attacks, choose regions with DDoS Protection. The BGP diversion and scrubbing pipeline provides significantly stronger defense than threshold-based blocking alone. See [Regional Availability](/welcome/elastic-compute/ddos-protection/02-ddos-protection.md#regional-availability) for the current list. ## Validate thresholds before you need them Default thresholds are calibrated for general workloads — not tuned for yours. If your application routinely runs near those limits (a media server with sustained high BPS, a game server with high PPS), you're one traffic spike away from a false-positive block. Review your peak traffic metrics against your current thresholds and adjust proactively. Navigate to the [Elastic IPv4](https://console.zenlayer.com/zec/elastic-ip) page, click the **⋯** menu in the Actions column, and select **Change Block Threshold**. ## Take OutCPS blocks seriously An OutCPS-triggered block usually means an instance is initiating outbound connections at an abnormal rate — a common sign of compromise. When you see one, check the instance for unusual processes or connections before re-enabling internet access. ## Use DDoS Protection policies for proactive defense Leverage fingerprint rules, geo-blocking, and IP allow/block lists to proactively reduce your attack surface rather than relying solely on reactive threshold-based blocking. See the [Configuration Guide](/welcome/elastic-compute/ddos-protection/09-configuration-guide.md) for setup instructions. ## Design for block resilience Blocks last 2 hours by default. If uptime is critical, don't rely on a single EIP per service — use multiple EIPs with load balancing so that a block on one doesn't take down the service entirely. ## Understand the cleaning lifecycle Cleaning events progress through defined states (Cleaning → End Cleaning, or Cleaning → Blackhole → End Blackhole). If you see frequent escalations to blackhole, review and optimize your DDoS policies in the [management console](https://console.zenlayer.com/zec/ddos/policy). See [Cleaning Event Lifecycle](/welcome/elastic-compute/ddos-protection/02-ddos-protection.md#cleaning-event-lifecycle) for details. *** ## Troubleshooting **My EIP is blocked and I can't reach my instance** Your EIP was likely blackholed due to a threshold breach. Go to the [DDoS Protection events page](https://console.zenlayer.com/zec/ddos/attack) to check status and manually release the blackhole. **I'm getting blocked during normal traffic spikes** Your thresholds may be too low for your workload. Navigate to the [Elastic IPv4](https://console.zenlayer.com/zec/elastic-ip) page, click the **⋯** menu on the affected EIP, and select **Change Block Threshold**. **My instance is sending outbound traffic I didn't initiate** An OutCPS block means your instance may be compromised. Investigate running processes and connections before re-enabling internet access. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.console.zenlayer.com/welcome/elastic-compute/ddos-protection/08-best-practices.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.