I have a Heroku app and connected Cloudflare. As far as I know, there is no way to remove a default Heroku domain (app.herokuapp.com), so I forward all requests with Host 'app.herokuapp.com' to 'mydomain.com'. But will Cloudflare secure me from attacks straight to a Heroku domain? If not, is there a way to remove the default domain or hide it somehow?
You are correct on all points. I am giving you the easy ways for basic offloading of attacks. All methods are towards 301 redirect and/or packet forwarding.
But will Cloudflare secure me from attacks straight to a Heroku domain?
Cloudflare has a service which they call CNAME flattening. A few years back, it was dnsmadeeasy who discovered ANAME. They are not RFC standardised. Many other DNS services have such things. The basic principle is easy. If the app URL is my-ugly-url.herokuapp.com and your custom domain is my-custom.com, then with these you can set:

my-custom.com
@ my-ugly-url.herokuapp.com (ANAME or ALIAS)
app.my-custom.com CNAME my-ugly-url.herokuapp.com
www.my-custom.com CNAME my-ugly-url.herokuapp.com

Then do a 301 redirection in the application's web server config; app.my-custom.com will redirect to my-ugly-url.herokuapp.com. Requests toward my-ugly-url.herokuapp.com will be forwarded to my-custom.com by dnsmadeeasy. There are probably more such DNS services now. Yes, the chance of running an attack over both domains in parallel remains. But also my-ugly-url.herokuapp.com gets exposed in the DNS record.
If not, is there a way to remove the default domain or hide it somehow?
Officially 301 redirection; packet forwarding is also possible. There are ways to have a dedicated IP and forward TCP packets. They have 3 types of add-ons --
They are not always easy at the application level but are probably safer than having such a naked subdomain open to all. PaaS is facing increasing DDoS now. That is a different matter.
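The Host-based 301 that the question and the answer describe, sketched as WSGI middleware. This is an added example, not code from the original posts: it assumes a Python app, always redirects to HTTPS on the custom domain, and the names `CanonicalHostRedirect`, `hello_app` and `simulate` are hypothetical.

```python
from urllib.parse import quote

CANONICAL_HOST = "my-custom.com"            # custom domain used in the answer
DEFAULT_HOST = "my-ugly-url.herokuapp.com"  # default Heroku hostname used in the answer

def request_host(environ):
    """Lower-cased Host header without port or trailing dot."""
    host = environ.get("HTTP_HOST", "").strip().lower()
    if not host.startswith("["):          # leave bracketed IPv6 literals alone
        host = host.split(":", 1)[0]
    return host.rstrip(".")

class CanonicalHostRedirect:
    """WSGI middleware (hypothetical name): 301 requests for the default host."""

    def __init__(self, app, canonical=CANONICAL_HOST, default=DEFAULT_HOST):
        self.app, self.canonical, self.default = app, canonical, default

    def __call__(self, environ, start_response):
        if request_host(environ) != self.default:
            return self.app(environ, start_response)
        # The target host comes from configuration, never from the request,
        # so the redirect cannot be steered to another domain.
        raw = environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", "")
        # WSGI paths are latin-1 decoded bytes; re-encode them so CR/LF and
        # non-ASCII bytes cannot reach the Location header unescaped.
        location = "https://" + self.canonical + quote(raw.encode("latin-1"))
        query = environ.get("QUERY_STRING", "")
        if query:
            location += "?" + quote(query, safe="/?:@!$&'()*+,;=%-._~")
        start_response("301 Moved Permanently",
                       [("Location", location), ("Content-Length", "0")])
        return [b""]

def hello_app(environ, start_response):
    """Stand-in application (constructed for this example)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]

def simulate(app, host, path="/", query=""):
    """Call a WSGI app with a constructed request; return (status, headers)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"REQUEST_METHOD": "GET", "HTTP_HOST": host,
               "PATH_INFO": path, "QUERY_STRING": query}
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]
```

The redirect only moves clients that follow it; requests sent to the default hostname still arrive at the app, which is the parallel exposure the answer mentions.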