Does Heroku offer a Web Application Firewall (WAF)?
Whilst Heroku protects against certain kinds of attacks at the platform level, it doesn't offer any user configurable firewall for individual apps. We recommend configuring this protection in your application server if needed. There are several solutions available for the various languages we support e.g. the
rack-attack gem for Ruby
For more sustained, high-volume or sophisticated attacks we recommend using a dedicated service such as Fastly or CloudFlare. These have more sophisticated features for controlling traffic to your app.