What can I do if my app is subjected to a DDoS attack?
While the Heroku platform has measures in place to prevent some kinds of DDoS, for attacks at the application level we recommend configuring this protection in your application server if needed. There are several solutions available for the various languages we support e.g. rack-attack for Ruby and express-rate-limit for Node.
For more sustained, high-volume or sophisticated attacks we recommend using a dedicated DDoS mitigation service such as Fastly or CloudFlare. These types of service have a dedicated edge network and real-time analysis to help stop attackers before they reach your application server.