Sorry - but this is incorrect. Rack-timeout only ensures that requests that are hitting a predefined service time are killed off rather than being allowed to run on consuming resources. At the very minimum Rack Timeout should be installed with a setting of 30s, the same time that the Heroku router will kill a request with an H12 error.
If you're wanting any sort of DDoS protection and so on, then Rack::Attack is the one to go for. However, like I said earlier - IP based security generally adds no real world actual security. On Tue, Dec 6, 2016 at 12:13 PM Jason Fleetwood-Boldt <t...@datatravels.com> wrote: I recommend this great gem for this task, which also serves a double > purpose of fending off DDOS attacks (which every app should have installed) > > https://github.com/heroku/rack-timeout > > Using rack-timeout you can set up pretty much any Rack-level restrictions > you want, including a restriction for a specific part of the app to be > available only to a whitelisted set of IPs > -- -- You received this message because you are subscribed to the Google Groups "Heroku" group. To unsubscribe from this group, send email to heroku+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en --- You received this message because you are subscribed to the Google Groups "Heroku Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to heroku+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.