>> - Use a proxy, typically a tiny VM from your choice of providers. > > > And that is my first thought. But not every company has one, or is willing > to start one just for my app.
If most of your customers need to set IP-based ACLs on your traffic, it may not be well suited for a multitenant PaaS like Heroku. >From what's available, Morten's suggestion of Proximo is the way to go (or operating your own authenticated SOCKS proxy, but I wouldn't run that by choice unless you absolutely had to). All HTTP traffic from your app to the customers would use this proxy. > Or is what you are suggesting is putting my app server on a different port > than 80/443, and allowing http traffic through the firewall for only that > port? But wouldn't that disregard other users who expect the app to > operation on 80/433? No. I was suggesting running the proxy port on a non-default port (in the example, 1880). This only works if the service is authenticated another way and it's solving an edge case, and it sounds like neither of those are true here. So, use Proximo, run your own SOCKS proxy, or change hosting. Hope this helps, Troy -- You received this message because you are subscribed to the Google Groups "Heroku" group. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/heroku?hl=en_US?hl=en
