Restrict access to Heroku app by IP?

Does Heroku support an inbound firewall? I'd like to restrict access to my app by IP. I have two sites that need access to it and both have static IP addresses.

Solution

There isn't a configurable firewall (like AWS security groups).

You could write some simple HTTP middleware at an application level however that checks X-Forwarded-For (https://devcenter.heroku.com/articles/http-routing#heroku-headers) against a whitelist.

IP restrictions aren't a 1:1 replacement for a proper authentication system though.

Examples of Ruby on rails + aws congnito
How should I set my DATABASE_URL?
Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
Permission denied (publickey) when deploying heroku code. fatal: The remote end hung up unexpectedly
why my cli give an error when I pushing my app?
Failed openWeatherMap API call
Heroku Rails deploy fails with error "could not connect to server: Connection refused"
Running Django custom manage.py task on Heroku - Importing Issues
zsh: parse error near `\n' when Adding AWS keys as environment variables
Connect an Authenticator App with Heroku results in "That code is invalid or expired. Try another."
Nginx reverse proxy to Heroku fails SSL handshake
Permission Denied While Running .sh Script in Docker Container with Heroku Dyno Deployed with Github Actions
IP Address Mismatch on signing into Heroku CLI
How do I access a private github repo from heroku?
Migrate PostgreSQL database from Heroku to Railway
Resource 'corpora/wordnet' not found on Heroku
Heroku: How to release an existing image in gitlab CI/CD?
Django Celery Redis
getting YN0028 The lockfile would have been modified by this install, which is explicitly forbidden. using yarn berry and heroku
Heroku Nodejs app with R10, H10 and H20 errors
The argument 'path' must be a string, Uint8Array, or URL without null bytes. Received '\x00@astro-page:astro/assets/endpoint/node' on Heroku deploy
How to hide databases that I am not allowed to access
Where do I get a CPU-only version of PyTorch?
Django email sending on Heroku
'matplotlib' has no attribute 'cm' when deploying an app
Inconsistent ClassCastException for XmlBeans.Factory parse method
Settings.py cannot find psycopg2... squlite3 and postgresql problem... no such table: auth_user
Permission problem with heroku stack build locally with docker compose on ubuntu 24.04
How do I get my heroku app's node version?
Getting ERR_MODULE_NOT_FOUND in my Heroku App but working fine in localhost