Heroku Static Ip

How to Get a Heroku Static IP – QuotaGuard

By using a Heroku Static IP service like QuotaGuard Static or QuotaGuard Shield, you are provided with a load balanced set of static IP’s to route either inbound or outbound traffic through to your desired destination.
There is no server setup or ongoing maintenance required.
All you need to do is configure your app to direct your inbound or outbound traffic through our provided proxy server. We handle the high availability, the fail-over requirements, proxy maintenance, and the load balancing for you.
Both Heroku Static IP QuotaGuard products are available on the Heroku Add-Ons marketplace, where you can configure your QuotaGuard Static IP address to your app, in one click, with no need to change the core of your code.
Over the past few days, Michael and Tim troubleshooted my QGTunnel connection. Though the problem ended up being on my side, they were careful, understanding, and empathetic. They responded within 30 minutes of each email I sent, while I expected at least a couple of hours. Tim was even kind enough to go through my Heroku project to find potential bugs that could’ve caused my issue.
I’ll continue working with/recommending QuotaGuard to anyone using Heroku to connect to a DB with whitelisted IPs.
Tim S. – Data Scientist for
Heroku Static IP Addresses with High Availability and Load Balancing for
Inbound / Outbound HTTP/HTTPS/SOCKS5 Encrypted Connections
The primary benefit of using Heroku as your app platform is Heroku’s horizontal scalability, however, what if you need to:
Add a firewall rule to your system so you can access protected resources, like databases or API’s?
Access a third party’s API that only accepts traffic from specified IP addresses?
Guarantee secure traffic for sensitive data, like HIPAA, Financial or other Personally Identifiable Information (PII), end to end from source to destination through a Static IP proxy?
Heroku does not provide Static IP addresses in the Common Runtime Environment. In Heroku Private Spaces, which costs thousands of dollars a month, Static IP’s are available, but they aren’t load balanced, run on dedicated proxies, or highly customizable.
To whitelist protected resources, access restricted databases, or integrate with 3rd party API’s, you are going to need to use a hosted Heroku Static IP provider, like QuotaGuard.
What is the Difference between
QuotaGuard Static and QuotaGuard Shield?
Heroku’s QuotaGuard Static IP solution routes your traffic through a pair of static IP addresses that never change. It should be used if you need your traffic to pass through a known IP address for the purpose of firewall ingress rules or application whitelisting with a third party.
QG Static uses HTTP and SOCKS5 for outbound service and SSL Termination for inbound service.
Heroku’s QuotaGuard Shield Static IP solution is HIPAA compliant and built to handle traffic that contains PII and other sensitive information. QG Shield routes your traffic through a pair of static IP addresses that never change with a higher level of security over QuotaGuard Static.
QG Shield uses HTTPS for outbound service and SSL Passthrough for inbound service. Like QuotaGuard Static, QuotaGuard Shield should be used if you need your traffic to pass through a known IP address for the purpose of firewall ingress rules or application whitelisting with a third party. Shield allows you to utilize Heroku’s ACM for your site or bring your own certificate, like from Let’s Encrypt.
What’s the difference between SSL Termination and SSL Passthrough?
We cover that here in the article
If you would like more guidance on which QuotaGuard Heroku Static IP service is right for you, please send us an email.
QuotaGuard’ Heroku Static IP’s have experienced an uptime of 99. 98% since we started in 2014. We gracefully scale with your business needs and – with over 2, 000 active customers – successfully route millions of requests per day on our support all possible proxy protocols: HTTP, HTTPS via CONNECT and SOCKS5. SOCKS proxy is perfect for routing your database traffic via a Static IP. Certified with PostgresSQL, MySQL & Outbound IP Address
Route your outbound Heroku Static IP traffic through a load balanced pair of static IP addresses via our proxy. This allows you to integrate with third parties that require a known IP for whitelisting or open your own firewall to allow secure traffic through.
Inbound Proxy
Access your Heroku app via a secure route. Perfect for whitelisting your application in IP restricted networks. Supports SSL and custom domains.
SOCKS5 Tunnels
Access IP restricted resources without making any code changes. We support a variety of TCP based protocols and programming stacks. We also offer optional TLS encryption, if desired.
2 IP Addresses
We provide a load balanced pair of Heroku Static IP addresses so if one IP fails traffic will automatically route through your second IP with health checks and automated failover.
Easy Setup
Instant provisioning and the choice of using our HTTP or SOCKS5 proxies.
Most languages require only a few lines of config code to start routing through your static IPs. Get up and running with our sample code in minutes.
Truly Secure End-to-End Encryption
QuotaGuard Shield is the only truly end-to-end encryption service available in the marketplace. Learn more at our Why is QuotaGuard Shield More Secure? page.
No Hard Stops
What happens if your app gets more traffic and you exceed your current limit? Don’t worry! We’ll keep processing your requests. Somebody from our team will get in touch and discuss an upgrade plan whilst your app still sails smoothly along.
Dedicated IP Addresses
Dedicated IP addresses, if desired, are available for Enterprise plans and above.
Our proxies run in the US-East-1 (N. Virginia), US-West-1 (Oregon), EU-West-1 (Ireland), EU-Central-1 (Frankfurt), AP-Northeast-1 (Tokyo), AP-Southeast-1 (Sydney) and SA-East-1 (Sau Paulo) Amazon regions – so we can serve you best. You will automatically be provisioned to the proxy in your app region for ultra low latency.
Detailed Analytics
Track your requests and usage in real time via our dashboard. We retain 12 months of data so you can monitor trends in your usage and plan accordingly.
Professional Support
We pick up the phone. We answer emails. We do live online chat. We do one-on-one setup assistance. Don’t believe the hype? Just email us and see for yourself.
Easy to Upgrade and Change Plans
Need to Upgrade? Don’t worry, your Heroku Static IP Addresses will never change when you need to change your usage plan.
Heroku Static IP Proxy’s in 7 Global RegionsKeep Your Data Close to HomeDedicated Heroku Static IP Proxies Available in Each Region
Ready to Get Started?
Get in touch or create a free trial account
QuotaGuard Static IP's | Heroku Dev Center

QuotaGuard Static IP’s | Heroku Dev Center

Add-onsAll Add-onsQuotaGuard Static IP’s
This add-on is operated by Alpine Shark, LLCStatic IPs with HA+LB for Inbound/Outbound (HTTP/SOCKS5) Encrypted Connections
Last updated April 22, 2021
Table of Contentstitle: Heroku QuotaGuard Static IP’sWhich QuotaGuard should I use? Provisioning the add-onHTTP ProxyHTTP Proxy with Ruby/RailsHTTP Proxy with Python/DjangoHTTP Proxy with Proxy with PHPHTTP Proxy with JavaHTTP Proxy with ClojureHTTP Proxy with GolangSOCKS5 ProxySOCKS5 Proxy with QGTunnelSOCKS5 Proxy for a MySQL Database in Node. jsInbound ProxyMonitoring & loggingDashboardLocal setupFAQsMigrating between plansRemoving the add-onPrivacy – GDPR and CCPASupport
layout: default
title: Heroku QuotaGuard Static IP’s
QuotaGuard Static is a Heroku Static IP add-on that allows you to route inbound & outbound traffic through a static IP address. You can provide this static IP address to an API partner for an IP based allowlist and open your own firewall to access internal resources.
QuotaGuard Static IP’s on Heroku come in three flavors:
Outbound HTTP proxy for accessing HTTP & HTTPS web services
Outbound SOCKS5 proxy for TCP-level routing, such as accessing a database, SMTP, FTP, etc.
Inbound HTTP/HTTPS proxy or reverse proxy for accessing your Heroku app on a static IP
For outbound traffic, the first decision you must make as a developer is whether to target our HTTP or SOCKS5 proxy. The SOCKS5 proxy is more versatile, because it handles TCP-level traffic, but the setup steps are more involved than the HTTP proxy. Our general rule of thumb is use HTTP if accessing a web service, otherwise use SOCKS5. There is native support across Ruby, Python,, PHP, Scala, Java, and nearly every other language for the HTTP Proxy.
For inbound traffic, we provide you with a URL to connect to. You can bring your own FQDN if you like. We provide SSL Termination with your SSL Certificates as well.
Inbound proxy service is only available for the Micro plan or above.
Which QuotaGuard should I use?
We offer three products on Heroku, QuotaGuard, QuotaGuard Static, and QuotaGuard Shield.
QuotaGuard routes your traffic through a dynamic set of IP addresses that may change at any time and is intended for accessing APIs like Google Maps that restrict usage based on your IP address. It should be used if you want to access these APIs without your limit being shared with other Heroku apps.
QuotaGuard Static IP’s routes your Heroku traffic through a pair of static IP addresses that never change. It should be used if you need your traffic to pass through a known static IP address for the purpose of firewall ingress rules or application allowlisting with a third party. QuotaGuard Static IP’s uses HTTP and SOCKS5 for outbound service and SSL Termination for inbound service.
QuotaGuard Shield Static IP’s are HIPAA compliant and built to handle Heroku traffic that contains PII and other sensitive information. QuotaGuard Shield routes your traffic through a pair of static IP addresses that never change with a higher level of security over QuotaGuard Static. The service uses HTTPS and SOCKS over TLS for outbound service and SSL Passthrough for inbound service. Like QuotaGuard Static, QuotaGuard Shield should be used if you need your traffic to pass through a known IP address for the purpose of firewall ingress rules or application allowlisting with a third party. Shield allows you to utilize Heroku’s ACM for your site or bring your own certificate.
Please send us a mail if you’d like more guidance on what service fits your needs best.
Provisioning the add-on
QuotaGuard Static can be added to a Heroku application via the CLI:
A list of all plans available can be found here.
$ heroku addons:create quotaguardstatic:starter
—–> Adding quotaguardstatic:starter to sharp-mountain-4005… done, v18 (free)
—–> Your static IPs are [10. 11. 12. 13, 14. 15. 16. 17]
Once QuotaGuard Static has been added a QUOTAGUARDSTATIC_URL setting will be available in the app configuration and will contain the full URL you should use to proxy your requests. This can be confirmed using the heroku config:get command.
$ heroku config:get QUOTAGUARDSTATIC_URL
After installing QuotaGuard Static the application should be configured to fully integrate with the add-on.
What are my IPs?
You are provided with two static IP addresses as part of our fault tolerant, load balanced service. Traffic may route through either one at any time.
Your two IP addresses will be printed on the command line when you provision the add-on or you can view them on your QuotaGuard Static dashboard, accessible from your Heroku App page.
HTTP Proxy
The HTTP Proxy is an outbound proxy service, allowing your application to reach an external endpoint (ie: HTTPS api) with HTTP or HTTPS protocols.
How Secure is the HTTP Proxy
You can access HTTPS services via the HTTP proxy whilst still getting full SSL/TLS security. When you make a request via the proxy to an HTTPS endpoint your client will transparently issue a CONNECT request rather than a basic GET or POST request.
On receipt of this CONNECT request the proxy will open a tunnel between your client and the endpoint, allowing your client to negotiate a standard SSL session with the endpoint. Once negotiated all traffic sent between your client and the endpoint will be encrypted as if you had connected directly with them.
For HTTPS Proxy, check out QuotaGuard Shield. With the HTTPS Proxy your initial CONNECT request will be also encrypted, this protects proxy credentials and remote hostname but requires an additional TLS handshake.
HTTP Proxy with Ruby/Rails
Ruby has an excellent REST client that easily allows you to specify an HTTP proxy. You can run the below example in an irb session and verify that the final IP returned is one of your two static IPs.
require “rest-client”
res = (“)
puts “Your Static IP is: #{}”
HTTP Proxy with Python/Django
Using with the Requests library
Requests is a great HTTP library for Python. It allows you to specify an authenticated proxy on a per request basis so you can pick and choose when to route through your static IP.
import requests
import os
proxies = {
“”: os. environ[‘QUOTAGUARDSTATIC_URL’],
“”: os. environ[‘QUOTAGUARDSTATIC_URL’]}
res = (“, proxies=proxies)
Using with urllib2
urllib2 is a more basic library used for HTTP communication in Python and uses environment variables to set a proxy service.
In your application initialization you should set the _proxy variable to match the QUOTAGUARDSTATIC_URL.
# Assign QuotaGuard to your environment’s _proxy variable
os. environ[‘_proxy’] = os. environ[‘QUOTAGUARDSTATIC_URL’]
To test in the Python interpreter
import urllib2, os
url = ”
proxy = oxyHandler()
opener = _opener(proxy)
in_ = (url)
res = ()
HTTP Proxy with
Accessing an HTTP API with
To access an HTTP API you can use the standard HTTP library in but must ensure you correctly set the “Host” header to your target hostname, not the proxy hostname.
var, options, proxy, url;
= require(“”);
url = require(“url”);
proxy = ();
target = (“);
options = {
hostname: name,
port: || 80,
headers: {
“Proxy-Authorization”: “Basic ” + (new Buffer(). toString(“base64”)),
“Host”: name}};
(options, function(res) {
return (“status code”, atusCode);});
Accessing an HTTPS API with
The standard HTTPS module does not handle making requests through a proxy very well. If you need to access an HTTPS API we recommend using the Request module (npm install request).
var request = require(‘request’);
var options = {
url: ”,
‘User-Agent’: ”}};
function callback(error, response, body) {
if (! error && atusCode == 200) {
request(options, callback);
HTTP Proxy with PHP
PHP cURL is the easiest way to make HTTP requests via QuotaGuard Static. This example assumes that you have set the QUOTAGUARDSTATIC_URL environment variable which is automatically set for you when you provision the add-on.
The IP address printed on screen will be one of your two static IP addresses, run it a couple of times and you’ll probably see the other one too.

HTTP Proxy with Java
The JVM allows you to configure a socksProxyHost. The example below uses Apache HttpClient, but the same configuration applies to other JVM-based clients.
import *;
public class HelloWorld {
public static void main(String []args) throws IOException {
String userInfo = tUserInfo();
String user = bstring(0, dexOf(‘:’));
String password = bstring(dexOf(‘:’) + 1);
URLConnection conn = null;
tProperty(“oxyHost”, tHost());
tProperty(“oxyPort”, String(tPort()));
tDefault(new Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(user, CharArray());}});
URL url = new URL(“);
conn = Connection();
BufferedReader in = new BufferedReader(new InputStreamReader(tInputStream()));
String inputLine;
while ((inputLine = adLine())! = null)
You can check available proxy related JVM settings here.
HTTP Proxy with Clojure
The Clojure clj- library allows you to configure a proxy for an HTTP request.
The example below shows you how to use this with the add-on:
(defn get-quota-guard []
(let [proxy-uri ( (env:quotaguardstatic-url))]
(client/get ”
{:proxy-host (. getHost proxy-uri):proxy-port (. getPort proxy-uri):headers {
(str “Basic ” ( ()
(. getBytes (. getUserInfo proxy-uri))))}})))
HTTP Proxy with Golang
For Golang, you can setup a per-request proxy in the package like this:
proxyUrl, err:= (“”)
myClient:= &{Transport: &ansport{Proxy: oxyURL(proxyUrl)}}
Or you can configure it for all requests like this:
faultTransport = &ansport{Proxy: oxyURL(proxyUrl)}“`
SOCKS5 Proxy
SOCKS5 is a very flexible TCP level tunneling protocol which works on a per host basis and is compatible with all programming environments. QuotaGuard Static provides three ways to setup SOCKS5 proxy integration within your app:
QuotaGuard Tunnel, process-based tunneling program
QuotaGuard Socksify script, routing-based tunneling program
Framework specific support for SOCKS5
QGTunnel is an extremely versatile wrapper script for your process. It allows you to map one or more local ports to route through the QuotaGuard proxy servers. It supports a DNS override mode for protocols that require the hostname stay the same (ie: HTTPS) or to minimize the impact on the code. QGTunnel also supports end-to-end encryption of your tunnel data for protocols that are not encrypted (ie: redis).
We recommend QGTunnel unless you need to route all traffic within the app through the SOCKS5 proxy.
QGSocksify is a routing-based tunneling program. It allows for all or some of the outgoing traffic to be routed through the proxy server based on the destination IP or IP range. Please note: This solution includes software developed by Inferno Nettverk A/S, Norway.
Additionally, many languages support SOCKS5 proxies natively or via a add-on package.
SOCKS5 Proxy with QGTunnel
To get started with the SOCKS5 proxy utilizing QGTunnel, please follow these steps:
Download QGTunnel
Download and extract the qgtunnel in the root directory of your app:
$ curl | tar xz
Setup the Tunnel
Login to our dashboard and setup the tunnel:
$ heroku addons:open quotaguardstatic
Opening quotaguardstatic for sharp-mountain-4005…
At the top right, click Settings, then Setup. On the left, click Tunnel, then Create Tunnel. This example assumes a MySQL server.
Remote Destination: tcp
Local Port: 3306
Transparent: true
Encrypted: false
This setup assumes that your server is located at “” and is listening on port 3306 (the default mysql port).
Use the same port for the local port, unless you are using that port on your dyno or it is below 1024, then you will have to change this to some other port (say 3307).
Transparent mode allows QuotaGuard to override the DNS for to 127. 0. 1, which redirects traffic to the QGTunnel software. This means you can connect to either or 127. 1 to connect through the QGTunnel. More information is available on transparent mode as you follow along in these instructions.
Encrypted mode can be used to encrypt data end-to-end, but if your protocol is already encrypted then you don’t need to spend time setting it up. More details on end-to-end encryption is below as you follow these instructions.
Creating the tunnels in the dashboard is for convenience. See the last step (Harden your setup) for how to remove a dependency from your system.
Change your code (maybe)
You may have to change your code to connect through QGTunnel.
With transparent mode, and when using the same local and remote port, you should not have to change your code.
Without transparent mode, you will want to connect to 127. 1:3306 (in this example). If you changed the local port, then you will need to change the port number to match.
Change your Procfile
(You have a procfile even if it’s not explicitly in your code base. To find it, log into the Heroku dashboard, click on the Resources tab, there you will see a list all of your dyno processes. The text you see (like web npm start) acts as your Procfile, if you do not have one explicitly in your code base. )
Modify your app Procfile to prepend the QGTunnel application to your standard commands:
web: bundle exec unicorn -p $PORT -c. /config/
web: bin/qgtunnel bundle exec unicorn -p $PORT -c. /config/
Commit and deploy your changes. Be sure to add bin/qgtunnel. If you are using transparent mode, be sure vendor/nss_wrapper/ is also committed.
If problems arise
By default all fatal errors encountered by the qgtunnel will be logged to your Heroku logs. If this information is not enough, you can enable verbose output mode by setting QGTUNNEL_DEBUG environment variable to true.
$ heroku config:set QGTUNNEL_DEBUG=true
Send any information in the logs (please redact any credentials, including your QuotaGuard connection URL) to
IMPORTANT: Harden your setup.
This step is highly recommended as we do not have any SLA on our website, which can be out due to maintenance.
By default qgtunnel will try to fetch configuration from the QuotaGuard API, but it also supports local configuration. You should download the configuration file from the Dashboard by pressing Download configuration on the Tunnel page.
Place the downloaded file into the root directory of your project under the. qgtunnel filename, commit and deploy. With this file, your application will not depend on the availability of our website during application startup.
Transparent Mode
If your application depends on DNS based discovery process or needs local tunnel to be resolvable via the DNS name regular tunneling mode will not be enough. For this situation you should enable transparent mode for the QGTunnel in your configuration. In transparent mode, QGTunnel will alter DNS queries from your app to the local address.
Let’s say you want to access replicated MongoDB cluster using QGTunnel with 3 replicas located on the hosts:, and For this configuration you will need to create 3 separate tunnels for each host on the port 52115 in transparent mode. Once this is done, QGTunnel will alter DNS resolution process to resolve these host names to the appropriate loopback address and auto discovery for your replicated cluster should work as intended.
End-to-end Encryption
Tunnels support communication over TLS encrypted connections. Encryption offers a high level of data protection: all data will be decrypted only in the environments that you control. The remote destination that the tunnels connect to have to support TLS encryption and have a valid certificate installed. If your remote destination doesn’t support encryption, you can use stunnel. You can use self-signed certificates, however you have to provide a custom root CA certificate, it will be added to the list of trusted roots in qgtunnel.
For example: You want to connect to the IP restricted Redis and encrypt all traffic between the Heroku app and Redis server. Redis doesn’t support encryption, so you have to install stunnel on the Redis server or any other server within the same network. Typical stunnel configuration that you might want to use:
accept = 6380
connect = 127. 1:6379
cert =
With this configuration, stunnel will start TLS server on port 6380, it will handle encrypted traffic and will pass decrypted data to the Redis server on 127. 1:6379. As noted you will need a valid certificate, or you can generate self-signed certificate:
Generate private key and certificate for the custom CA:
$ openssl genrsa -out 2048
$ openssl req -x509 -new -key -out -days 730
Generate CSR for your domain and sign it with custom CA:
$ openssl req -new -out -key
$ openssl x509 -req -in -out -CAkey -CA -days 365 -CAcreateserial -CAserial serial
Create PEM bundle:
$ cat >
Install on stunnel server. Add to your heroku repository and update qgtunnel command in your Procfile:
web: bin/qgtunnel -root_ca bundle exec unicorn -p $PORT -c. /config/
Finally enable encryption for your tunnel configuration on QuotaGuard dashboard.
With this configuration, all the traffic handled by qgtunnel will be encrypted with your certificate and all data will be passing proxies in encrypted format.
Setting up MySQL access from Rails
This assumes that you have already followed the steps to download and install the SOCKS5 wrapper script as detailed in the section above.
To connect to a MySQL host via the proxy you need to add an extra line to your config file to ensure no connect_timeout is set. Without this option your app will not be able to connect to the database and will hang indefinitely.
The value is deliberately left out to force the mysql2 adapter to use nil as the timeout.
Your full might look something like this (example values only).
common: &common
adapter: mysql2
username: secureuser
password: securepassword
encoding: utf8
pool: 5
<<: *common database: myapp_development test: database: myapp_test production: SOCKS5 Proxy for a MySQL Database in To use a SOCKS5 proxy for any reason in we recommend socksjs as this is one of the only SOCKS modules to support authentication. npm install socksjs This sample creates a connection to a SOCKS5 connection to our proxy and uses that for all MySQL requests. var mysql = require('mysql2'), url = require('url'), SocksConnection = require('socksjs'); var remote_options = { host:'', port: 3306}; var proxy = (), auth =, username = (':')[0], pass = (':')[1]; var sock_options = { host: name, port: 1080, user: username, pass: pass}; var sockConn = new SocksConnection(remote_options, sock_options); var dbConnection = eateConnection({ user: 'dbuser', database: 'dbname', password: 'dbpassword', stream: sockConn}); ('SELECT 1+1 as test1;', function(err, rows, fields) { if (err) throw err; ('Result: ', rows); sockConn. dispose();}); Inbound Proxy The Inbound Proxy allows you to always access your Heroku app on a Static IP address. This feature is available on our Micro plan and above. Once you have provisioned the add-on you just need to visit the QuotaGuard Static Dashboard to complete your setup. You can do this from your Heroku Dashboard by clicking on our icon or from your command line: Visit the Setup page and enter in the full URL of your Heroku app, e. g. We then create for you a unique URL that you can use to access your web application: e. g. This corresponds to a DNS A name record that resolves to your two QuotaGuard Static IPs. You should include both IP addresses in any firewall rules or allowlists. Open this URL in your browser and you should see your own web application. If you are using HTTPS or filter based on the domain name, you may need to add a custom domain in our dashboard. Follow the instructions on the dashboard to setup your custom domain. Please note it may take up to 10 minutes for configuration and DNS changes to propagate. In your firewall you can now just open access to the two QuotaGuard Static IPs in order to work with your cloud app. SSL setup Our self-service automated setup supports SSL by default. For custom domains you have to upload valid certificate to enable SSL. In both cases SSL will be terminated on QuotaGuard proxies. Monitoring & logging Real-time and historical usage stats can be displayed on the QuotaGuard Static Dashboard accessible from your Heroku Dashboard. Dashboard The QuotaGuard Static dashboard allows you to view your real-time and historical usage of every API. The dashboard can be accessed via the CLI: or by visiting the Heroku apps web interface and selecting the application in question. Select QuotaGuard Static from the Add-ons menu. Local setup Environment setup After provisioning the add-on you can locally replicate the config vars so your development environment can operate against the service. This should be used for initial testing only as usage will count against your daily limits. Though less portable it’s also possible to set local environment variables using export QUOTAGUARDSTATIC_URL=value. Use Heroku Local to configure, run and manage process types specified in your app’s Procfile. Heroku Local reads configuration variables from a file. Use the following command to add theQUOTAGUARDSTATIC_URL value retrieved from heroku config to $ heroku config -s | grep QUOTAGUARDSTATIC_URL >>
$ more
Credentials and other sensitive configuration values should not be committed to source-control. In Git exclude the file with: echo >>. gitignore.
Do you offer Dedicated Static IPs?
Yes – dedicated IP addresses are available on request for subscriptions on the Enterprise plan and above. As they require dedicated infrastructure we only provision these on request so please contact us if you want a dedicated Static IP address.
What happens when I reach my usage limit?
To make sure we grow in harmony with your application QuotaGuard Static operates initially with a soft limit. When you reach your plan’s monthly usage limit your requests will continue going through but we will reach out to you via e-mail to ask that you upgrade your plan.
If you repeatedly exceed your limits without upgrading then hard limits may be placed on your account but this is a very last resort.
I’ve forgotten what my Static IPs are!
Both IPs are shown on your Dashboard which you can get to either from your Heroku Apps page or via the CLI.
Can I access your Brazilian instance in Sao Paulo?
QuotaGuard Static is deployed in the Heroku US & Europe regions and you are automatically assigned to an instance in the same region as your app. If you would like to use our South America instance located in Sao Paulo please contact us and we can manually relocate you. This will change your Static IP address.
Why have you given me two Static IP addresses?
We believe all apps should be built for scalability and high availability. Our commitment to this means we only provide load balanced, high availability services. Load balancing our nodes allows one node to fail or be brought down for maintenance with no impact to your application. Each IP you are given represents one proxy node that is running behind a load balancer.
If you want to use just one IP address, you can change your QUOTAGUARDSTATIC_URL environment variable to point to one of the two IPs following this format:
Contact if you have any issues utilizing just one of the two IPs.
What region does QuotaGuard Static run in?
We have instances in the US, EU, SA, EA, and AP regions. When you provision the add-on you will be assigned static IPs in the same region as your Heroku app ensuring we can always process your requests with ultra low latency.
Can I access MySQL or Postgres through this?
Yes we have many users doing this. The easiest way for most languages is to use our SOCKS5 proxy wrapper(installation details higher up the page). If you are using you can also configure the SOCKS5 proxy in your Javascript code without using the wrapper (details also on this page).
Migrating between plans
Application owners can migrate at any time with no interruption to your service.
Use the heroku addons:upgrade command to migrate to a new plan.
$ heroku addons:upgrade quotaguardstatic:large
—–> Upgrading quotaguardstatic:large to sharp-mountain-4005… done, v18 ($90/mo)
Your plan has been updated to: quotaguardstatic:large
The QUOTAGUARDSTATIC_URL will revert back to it’s original setting when you change plans. Be prepared to reset this if you have changed it.
Removing the add-on
QuotaGuard Static can be removed via the CLI.
This will destroy all associated data and cannot be undone!
$ heroku addons:destroy quotaguardstatic
—–> Removing quotaguardstatic from sharp-mountain-4005… done, v20 (free)
All three QuotaGuard services are a GDPR and CCPA compliant. Please review our Privacy Policy and GDPR/CCPA compliance information at ’s Privacy Policy page. In addition, we also answer many questions around Privacy, Security, and GDPR at FAQ’s. If you need a DPA for your customers, or from us as a sub-contractor of your services, please contact us via our Support channel (details below) so we can get you the right DPA contract for your review.
All QuotaGuard Static support and runtime issues should be submitted via the Heroku Support channels. Any non-support related issues or product feedback is welcome at or by visiting
Static IP Address with Heroku (not Proximo) - Stack Overflow

Static IP Address with Heroku (not Proximo) – Stack Overflow

Fixie is another option. Fixie is an add-on that provides Heroku applications with a fixed set of static IP addresses for outbound requests. It is language- and framework-agnostic.
Fixie is easy to setup and has “get started” documentation (similar to the one for Python below) for Ruby, Node, Java, Go here. Here is the one for Python.
First you need to sign up for the free plan:
$ heroku addons:open fixie
Opening fixie for sharp-mountain-4005…
Next, the FIXIE_URL will be set as environment variable. To route a specific request through Fixie using requests:
import os, requests
proxyDict = {
“”: (‘FIXIE_URL’, ”),
“”: (‘FIXIE_URL’, ”)}
r = (”, proxies=proxyDict)
Using urllib2 the same functionality will look like this:
import os, urllib2
proxy = oxyHandler({”: (‘FIXIE_URL’, ”)})
auth = TPBasicAuthHandler()
opener = _opener(proxy, auth, TPHandler)
response = (”)
html = ()
In both cases, these requests would come through a known IP address assigned by Fixie.

Frequently Asked Questions about heroku static ip

How do I get a static IP on Heroku app?

3 Answers. You can use QuotaGuard Static Heroku add-on. All requests that you make via this proxy will appear to the destination server to originate from one of the two static IPs you will be assigned when you sign up.Sep 27, 2015

What is heroku IP?

Heroku does not provide a static IP by itself but you can use addons to achieve this goal. This limitation is discussed here – https://devcenter.heroku.com/articles/apex-domains. Generally sites use URL instead of IP address to authenticate requests.Aug 11, 2015

Can I set a static IP?

You can assign these static IP addresses on the device itself—using, say, Windows’ network settings on each computer—or you can do it at the router level. Doing it at the router level is called assigning a DHCP reservation, though many people (and even some routers) still refer to it as a “static IP address.”Dec 28, 2019

Leave a Reply

Your email address will not be published. Required fields are marked *