Does Heroku offer DDoS (Denial of Service) mitigation?
Whilst the Heroku platform has measures in place to prevent some kinds of DDoS https://www.heroku.com/policy/security#ddos for attacks at the application level we recommend configuring this protection in your application server if needed. There are several solutions available for the various languages we support e.g. the
rack-attack gem for Ruby
For more sustained, high-volume or sophisticated attacks we recommend using a dedicated DDoS mitigation service such as Fastly or CloudFlare. These types of service have a dedicated edge network and real-time analysis to help stop attackers at the source.