I use Heroku as my hosting solution. So, if some bad man attacks my site with DDoS, what should I do?
Asked
Active
Viewed 3,345 times
1 Answers
1
Heroku is a "platform as a service," not a typical hosting solution. A denial of service attack against your site would be an attack against the entire platform. Heroku takes security seriously and presumably has sophisticated measures in place to detect and mitigate DDOS attacks.
Sit back and relax. On a platform like Heroku, your job is to develop and maintain the security of your own code, while leaving management of the platform to the provider.
Skyhawk
- 14,149
- 3
- 52
- 95
-
2Wish this were true, but [this blog post](http://www.jsiegel.com/2013/01/heroku-please-enable-at-least-basic.html) describes how Heroku failed to prevent a DoS attack, responding that "Heroku does not offer any kind of direct DDoS mitigation unfortunately". We're currently experiencing a similar issue on Heroku where we're getting repeat automated requests from an IP (though it seems accidental rather than malicious) and have no way to block it. Tough to "sit back and relax" in that situation. – Yarin Feb 09 '14 at 15:30
-
1This is interesting. It should be noted that as of today, "advanced DDoS mitigation controls" are an [advertised feature](http://www.heroku.com/policy/security) of Heroku. If they truly did respond in the way that the author describes, they were not doing their job, and my reaction would have been very similar. – Skyhawk Feb 10 '14 at 20:05