How to Block IP Addresses on Heroku

Why would you need to block an IP address

Many poorly written, misbehaving, or malicious bots can be readily identified as generating traffic from a single IP address.

Blocking an IP is typically the first step to take in rejecting unwanted traffic hitting your site.


What you need to get started:

  1. Expedited WAF add-on is setup in front of your application.

How to Block IP Addresses on Heroku

From the Block/Allow IPs page of your Expedited WAF dashboard, add each IP or CIDR-notated IP range that you want to block:

All requests from that IP/range will be stopped at the WAF and will not reach your Heroku application.


  • To prevent accidentally blocking large portions of the Internet from reaching your site, block the narrowest effective IP range.
  • In most cases you’ll need to layer in additional filtering rules in addition to blocking a single IP/range.

IP Resources

Learn more about IP addressing

Try Expedited WAF.
Get a Free Tee.

Option 1: Install Expedited WAF (the Web Application Firewall service that shields your Heroku applications from attacks) from the Heroku Elements Marketplace..

Seven days later we'll ask for some feedback and your (US or Canada only) shipping details.

Option 2: Select a Date & Time below to talk to us about your existing web application security framework and see how Expedited WAF can help better secure your Heroku applications.