What can I do if my app is subjected to a DDoS attack?
While the Heroku platform has measures in place to prevent some kinds of DDoS, for attacks at the application level we recommend configuring this protection in your application server if needed. There are several solutions available for the various languages we support e.g. rack-attack for Ruby and express-rate-limit for Node.
For more sustained, high-volume or sophisticated attacks we recommend using a dedicated DDoS mitigation service. These types of service usually have a dedicated edge network and real-time analysis to help stop attackers before they reach your application server.
Additionally we suggest running your application in the Private Spaces runtime so you can take advantage of the Trusted IP Ranges feature.