Can I use Heroku to block/manage certain kinds of traffic in my app?
Whilst Heroku protects against certain kinds of attacks at the platform level, it doesn't offer any user configurable firewall for individual apps. We recommend configuring this protection on your application server if needed. There are several solutions available for the various languages we support e.g. the
rack-attack gem for Ruby
For more sustained, high-volume or sophisticated attacks we recommend using a dedicated DDoS mitigation service.
You can also make use of the Expedited WAF addon. The Expedited WAF is an add-on that provides a web application firewall (WAF) as a service with both automated protections and additional tools to improve the security of your Heroku applications. We have a detailed article on this - https://devcenter.heroku.com/articles/expeditedwaf.