What can I do if my app is subjected to a DDoS attack?
Whilst the Heroku platform has measures in place to prevent some kinds of DDoS https://www.heroku.com/policy/security#ddos for attacks at the application level we recommend configuring this protection in your application server if needed. There are several solutions available for the various languages we support e.g. rack-attack for Ruby and express-rate-limit for Node.
For more sustained, high-volume or sophisticated attacks we recommend using a dedicated DDoS mitigation service such as Fastly or CloudFlare. These types of service have a dedicated edge network and real-time analysis to help stop attackers at the source.