Help Center/ Cloud Firewall/ FAQs/ Troubleshooting/ What Do I Do If IPS Blocks Normal Services?
Updated on 2025-07-23 GMT+08:00

What Do I Do If IPS Blocks Normal Services?

IPS detects and defends against access traffic in real time based on the attack defense experience and rules accumulated over the years, blocking common network attacks and effectively protecting your assets.

Check attack event logs. If you can confirm that normal service traffic was blocked, perform either of the following operations:

Querying Hit Rules and Modifying Protection Actions

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
  5. In the navigation pane, choose Log Audit > Log Query. Click the Attack Event Logs query and record the Rule ID of the rule that blocks traffic.

    Figure 1 Rule ID

  6. Click View Effective Rules under Basic Protection.
  7. Search for the rule by its ID. In the Operation column, change its action to Observe or Disable.

    • Observe: The firewall logs the traffic that matches the current rule and does not block the traffic.
    • Disable: The firewall does not log or block the traffic that matches the current rule.
    Figure 2 Changing the protection mode of a rule

References

If traffic was not blocked by IPS but services are still unavailable, rectify the fault by referring to What Can I Do If Services Cannot Be Accessed After a Policy Is Configured on CFW?.