Web Application Firewalls tuned for Heroku. Starting at $75/mo.
A WAF automatically examines each web request to your Heroku application looking for potential attacks, blocking bad bots, stopping DDoS attacks and increasing the overall security of your application.
Additionally, custom rules blocking IPs, user agents, countries and more can be applied to respond to threats.
Web and API requests to your application are routed through the WAF, letting us block attacks before they ever touch your Heroku dynos.
Malicious bots constantly look for vulnerabilities on every public website, from small startups to giant enterprises.
Internet bots are notoriously misbehaved. SEO bots will crawl your site for competitors, DDOS probes look for sites to blackmail and sites are continuously probed for known vulnerabilities.
Expedited WAF can automatically stop most bots from accessing your site.
Our Intrusion Detection System automatically stops web requests that match patterns of Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), SQL Injection, and other attacks.
Stop anonymous IPs, web-scrapers, abusive bots and spiders run amuck before they even reach your app.
Use our security controls to set specific custom traffic rules, without having to write code, run tests and wait for QA/Staging.
You can block traffic from countries you don’t service, suspicious referral sources, an IP address that’s hammering your site or unwanted user agents.
Expedited WAF is built with market-leading signature detection and machine learning components used to protect over 20,000 websites.
We’ve helped hundreds of companies pass penetration tests and security audits.
Expedited WAF’s features provide the security controls that auditors require you to have in place and that would take months to implement on your own.
Controls like the ability to control ingress network traffic, continually updated systems to identify and stop attacks, auditable change logs, VPN and client reputation checking, and bot blocking.
Setup requires 5-10 minutes of work from your end.
Our automated onboarding will then handle the WAF configuration and setup for you based on your current Heroku configuration.
Once complete, you update your DNS to seamlessly transition web requests through the WAF with no downtime.
Expedited WAF can help you meet or exceed compliance requirements by providing auditable security controls, and reports of where and how attacks originate.
Serve your app and assets from our servers located around the world. Connect clients to your site faster with HTTP/2 (“SPDY”) and optional gzip and brotli compression.
While we try to make it easy, web applications are complicated.
Book a time to talk with a Security Engineer, get your questions answered, build a go-live plan or strategize on improving your security posture.Book A Time
The available application locations for this add-on are shown below, and depend on whether the application is deployed to a Common Runtime region or Private Space. Learn More
|Region||Available||Installable in Space|
Need a larger plan? Let our customer success team help! Learn more.
To provision, copy the snippet into your CLI or use the install button above.