Web Application Firewalls tuned for Heroku. Starting at $75/mo.
Our Web Application Firewall (WAF) sits between your Heroku application and the Internet. It’s both a Content Delivery Network (speeding up requests) and a Web Application Firewall (blocking attacks and bad clients).
Client requests to your application are routed to the closest globally located edge server, letting us block attacks before they ever touch your dynos.
We’re the fastest way to go from start to secure. Setup can be completed in as little as 20 minutes.
Our WAF works at the network level (before requests hit your Heroku Dynos), This lets it seamlessly protect any language or framework in your stack.
Are users actively using your app? Our onboarding will slowly roll them over to the Expedited Security WAF as their DNS updates.
This lets you confidently cut-over with the absolute least amount of disruption.
By automatically detecting the patterns of Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), SQL Injection and thousands of other specific attacks against web frameworks and Content Management Systems that we’ve formed an Intrusion Detection System that can proactively block attacks.
Set passwords blocking access to specific pages on your site. Restrict access to only specific IP addresses. Stop bots from reading pages with Captcha challenges.
Patching, by definition, is a security fix that can only help once a problem is identified, researched, tested and deployed. In the window, while that’s happening what’s protecting your application?
Similarly, vulnerability scanning is great, but it doesn’t actually stop attacks happening against your application.
Stop anonymous IPs, web-scrapers, abusive bots and spiders run amuck before they even reach your app.
Serve your static pages and assets from servers located around the world. Drop load times with advanced brotli compression (falling back to gzip). Connect clients to your site faster with HTTP/2 (“SPDY”).
All without writing a line of code.
Craft specific rules stopping bots by User Agent, Country, custom cookie’s or referrers.
Automatically shut down abusive bots crawling your site for vulnerabilities.
Expedited Security is a team player. We consider Defense in Depth (layering multiple different security services) to be a key component of securing modern web apps. Which is why we work great with your existing vulnerability scanning service, Rack::Attack style rate limiter or custom security controls.
By operating at the network request level, Expedited WAF is able to better secure your application without the need to write, test and deploy new code.
The available application locations for this add-on are shown below, and depend on whether the application is deployed to a Common Runtime region or Private Space. Learn More
|Region||Available||Installable in Space|
Need a larger plan? Let our customer success team help! Learn more.
To provision, copy the snippet into your CLI or use the install button above.