Skip to content

Security Overview

HubProxy is an open proxy service — improper deployment creates abuse risk. Follow these practices to reduce exposure.

Mechanism Description
IP rate limiting Per real client IP (IPv6 uses /64)
IP allow/deny [security] controls rate-limit exemption and blocking
Repo access control [access] restricts proxied images, GitHub repos, and Hugging Face resources
Trusted proxies Forward headers trusted only from private/local networks
File size limit [server].fileSize prevents oversized file abuse
Offline download tokens One-time tokens bound to IP and User-Agent, 2-minute TTL

HubProxy has no admin login, Basic Auth, API keys, or Prometheus /metrics. The web UI is a public SPA — security relies on network placement and configuration.

  1. Open proxy: Public 0.0.0.0:5000 without [access].whiteList lets anyone use your bandwidth
  2. IP spoofing: Reverse proxy that appends instead of overwriting X-Forwarded-For bypasses rate limits
  3. Host injection: Missing X-Forwarded-Host causes incorrect URLs in rewritten .sh scripts
  • Use Recommended Architecture: CDN (optional) → reverse proxy → HubProxy
  • Configure [access].whiteList for public services
  • Overwrite X-Forwarded-For, X-Real-IP, and X-Forwarded-Host at the proxy
  • Expose public services through a reverse proxy instead of port 5000 directly
  • Review [access].blackList and access logs regularly