(This is a more specific version of what was asked in Can access to a heroku postgresql DB be restricted to it's heroku app ONLY?).
We see a lot of the following in our logs:
sql_error_code = 28000 FATAL: no pg_hba.conf entry for host "<ip>", user "postgres", database "postgres", SSL off
According to the Heroku documentation this is a lazy attempt at a hack over the public internet.
Is it possible in Heroku to restrict access to an IP whitelist on top of the access control via authentication? We barely need to access our database directly and would be fine going via a static proxy whenever we do need to.
Yes, it is possible to restrict access by IP range or IP list. Apparently this feature is in beta and you'll have to email a Heroku operator.
https://devcenter.heroku.com/articles/private-spaces#trusted-ip-ranges-for-data-services
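To help decide which ranges belong on such an allowlist, the following added example (not part of the original question or answer) parses the rejection message quoted in the question and counts attempts per source, split by whether the address falls inside a trusted range. The log prefix, the sample lines and the `192.0.2.0/24` proxy range are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Matches the rejection message quoted in the question.
REJECT_RE = re.compile(
    r'sql_error_code = 28000 FATAL:\s+no pg_hba\.conf entry for host "(?P<host>[^"]+)", '
    r'user "(?P<user>[^"]+)", database "(?P<db>[^"]+)", SSL (?P<ssl>on|off)'
)

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = """\
2024-01-01T00:00:01Z app[postgres]: sql_error_code = 28000 FATAL: no pg_hba.conf entry for host "203.0.113.7", user "postgres", database "postgres", SSL off
2024-01-01T00:00:05Z app[postgres]: sql_error_code = 28000 FATAL: no pg_hba.conf entry for host "203.0.113.7", user "postgres", database "postgres", SSL off
2024-01-01T00:01:00Z app[postgres]: sql_error_code = 28000 FATAL: no pg_hba.conf entry for host "198.51.100.20", user "admin", database "template1", SSL on
2024-01-01T00:02:00Z app[postgres]: sql_error_code = 28000 FATAL: no pg_hba.conf entry for host "192.0.2.10", user "postgres", database "postgres", SSL off
2024-01-01T00:03:00Z app[postgres]: sql_error_code = 00000 LOG: checkpoint complete
"""

def parse_rejections(lines):
    """Yield (ip, user, database, ssl_on) for each pg_hba.conf rejection line."""
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["host"])
        except ValueError:
            continue  # host field redacted or not an IP literal
        yield ip, m["user"], m["db"], m["ssl"] == "on"

def summarize(lines, trusted_cidrs):
    """Count rejections per (ip, user, db, ssl), split by allowlist membership."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    outside, inside = Counter(), Counter()
    for ip, user, db, ssl in parse_rejections(lines):
        bucket = inside if any(ip in n for n in nets) else outside
        bucket[(str(ip), user, db, ssl)] += 1
    return outside, inside

if __name__ == "__main__":
    # 192.0.2.0/24 stands in for a hypothetical static proxy range.
    outside, inside = summarize(SAMPLE_LOG.splitlines(), ["192.0.2.0/24"])
    for key, n in outside.most_common():
        print("untrusted", n, key)
    for key, n in inside.most_common():
        print("trusted-but-rejected", n, key)
```

Rejections from inside the trusted range usually point at a misconfigured client behind the proxy rather than internet scanning, so they are reported separately.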