Sorry - but this is incorrect. Rack-timeout only ensures that requests that are hitting a predefined service time are killed off rather than being allowed to run on consuming resources. At the very minimum Rack Timeout should be installed with a setting of 30s, the same time that the Heroku router will kill a request with an H12 error.
If you're wanting any sort of DDoS protection and so on, then Rack::Attack is the one to go for. However, like I said earlier - IP based security generally adds no real world actual security. On Tue, Dec 6, 2016 at 12:13 PM Jason Fleetwood-Boldt <[email protected]> wrote: I recommend this great gem for this task, which also serves a double > purpose of fending off DDOS attacks (which every app should have installed) > > https://github.com/heroku/rack-timeout > > Using rack-timeout you can set up pretty much any Rack-level restrictions > you want, including a restriction for a specific part of the app to be > available only to a whitelisted set of IPs > -- -- You received this message because you are subscribed to the Google Groups "Heroku" group. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en --- You received this message because you are subscribed to the Google Groups "Heroku Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
