johnhutch
commented
7 years ago I'm VERY anti-captcha. I believe heroic has some anti-ddos things built in. when researching protections here, it's probably worth starting with something heroku-side, rather than software side.
This is necessary to prevent DOS attacks from shutting the whole site down.
Slower API paths and any authentication API paths should get rate limits. But we don't really use API right? Let's talk about this one.
Another anti-DOS technique is to use CAPTCHA by the way.