Does Heroku offer a Web Application Firewall (WAF)?


Can I use Heroku to block/manage certain kinds of traffic in my app?


Whilst Heroku protects against certain kinds of attacks at the platform level, it doesn't offer any user configurable firewall for individual apps. We recommend configuring this protection on your application server if needed. There are several solutions available for the various languages we support e.g. the rack-attack gem for Ruby

For more sustained, high-volume or sophisticated attacks we recommend using a dedicated DDoS mitigation service.

You can also make use of the Expedited WAF addon. The Expedited WAF is an add-on that provides a web application firewall (WAF) as a service with both automated protections and additional tools to improve the security of your Heroku applications. We have a detailed article on this -

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support