Security Overview
HubProxy is an open proxy service — improper deployment creates abuse risk. Follow these practices to reduce exposure.
Core Mechanisms
Section titled “Core Mechanisms”| Mechanism | Description |
|---|---|
| IP rate limiting | Per real client IP (IPv6 uses /64) |
| IP allow/deny | [security] controls rate-limit exemption and blocking |
| Repo access control | [access] restricts proxied images, GitHub repos, and Hugging Face resources |
| Trusted proxies | Forward headers trusted only from private/local networks |
| File size limit | [server].fileSize prevents oversized file abuse |
| Offline download tokens | One-time tokens bound to IP and User-Agent, 2-minute TTL |
Not Built In
Section titled “Not Built In”HubProxy has no admin login, Basic Auth, API keys, or Prometheus /metrics. The web UI is a public SPA — security relies on network placement and configuration.
Main Risks
Section titled “Main Risks”- Open proxy: Public
0.0.0.0:5000without[access].whiteListlets anyone use your bandwidth - IP spoofing: Reverse proxy that appends instead of overwriting
X-Forwarded-Forbypasses rate limits - Host injection: Missing
X-Forwarded-Hostcauses incorrect URLs in rewritten.shscripts
Recommendations
Section titled “Recommendations”- Use Recommended Architecture: CDN (optional) → reverse proxy → HubProxy
- Configure
[access].whiteListfor public services - Overwrite
X-Forwarded-For,X-Real-IP, andX-Forwarded-Hostat the proxy - Expose public services through a reverse proxy instead of port 5000 directly
- Review
[access].blackListand access logs regularly