You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/hub/enterprise-hub-network-security.md
+6-29Lines changed: 6 additions & 29 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,47 +18,25 @@ You can set multiple ranges, one per line.
18
18
19
19
## Higher Hub rate limits
20
20
21
-
Apply for higher rate-limits for your organization.
21
+
Most of the actions on the Hub have limits, for example, users are limited to creating a certain number of repositories per day.
22
+
Once your IP ranges are set, enabling this option lets your organization request the highest usage limits for members connecting from those ranges. This also enables the highest HTTP rate limits on the Hub API, to unlock large volumes of model or dataset downloads.
22
23
23
-
Most of the actions on the Hub have limits, for example, users are limited to creating a certain number of repositories per day. This option allows your organization to apply for higher limits for your organization members. This also enables higher HTTP rate limits on the Hub API, to unlock large volumes of model or dataset downloads.
24
-
25
-
To activate this option:
26
-
27
-
1. Toggle on the "Higher Hub rate limits" option
24
+
For more information about rate limits, see the [Hub Rate limits](./rate-limits) documentation.
28
25
29
26
<divclass="flex justify-center">
30
27
<imgclass="block dark:hidden"src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/network-sec-rate-limit.png"alt="Screenshot of the toggle to enable High rate-limits."/>
31
28
<imgclass="hidden dark:block"src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/dark-network-sec-rate-limit.png"alt="Screenshot of the toggle to enable High rate-limits."/>
32
29
</div>
33
30
34
-
You need to have a valid Enterprise Plus subscription for this option to take effect.
35
-
36
-
2. Ensure the Organization IP Ranges are defined
37
-
38
-
Once defined, higher rate limits will apply to members of your organization whose IPs match the defined ranges.
39
-
40
31
41
32
## Restrict organization access to your IP ranges only
42
33
43
-
This option restricts access to your organization's resources to only those coming from your defined IP ranges. No one can access your organization resources outside your IP ranges. The rules also apply to access tokens.
44
-
45
-
To activate this option:
46
-
47
-
1. Toggle on the "Restrict organization access to your IP ranges only" option
48
-
49
-
<divclass="flex justify-center">
50
-
<imgclass="block dark:hidden"src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/network-sec-enforce-auth.png"alt="Screenshot of the toggle to restrict organization access to IP ranges."/>
51
-
<imgclass="hidden dark:block"src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/dark-network-sec-enforce-auth.png"alt="Screenshot of the toggle to restrict organization access to IP ranges."/>
52
-
</div>
53
-
54
-
You need to have a valid Enterprise Plus subscription for this option to take effect.
55
-
56
-
2. Ensure the Organization IP Ranges are defined
34
+
This option restricts access to your organization's resources to only those coming from your defined IP ranges. No one can access your organization resources outside your IP ranges. The rules also apply to access tokens. When enabled, this option unlocks additional nested security settings below.
57
35
58
36
59
37
### Require login for users in your IP ranges
60
38
61
-
When this nested option is enabled, anyone visiting Hugging Face from your corporate network must be logged in and belong to your organization (requires a manual verification when IP ranges have changed). If enabled, you can optionally define a content access policy.
39
+
When this option is enabled, anyone visiting Hugging Face from your corporate network must be logged in and belong to your organization (requires a manual verification when IP ranges have changed). If enabled, you can optionally define a content access policy.
62
40
63
41
All public pages will show the following message if access is unauthenticated:
64
42
@@ -67,12 +45,11 @@ All public pages will show the following message if access is unauthenticated:
67
45
<imgclass="hidden dark:block"src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/dark-network-sec-restricted-url.png"alt="Screenshot of restricted pages on the Hub."/>
68
46
</div>
69
47
70
-
1. Toggle on the "Require login for users in your IP ranges" option (this option appears when "Restrict organization access to your IP ranges only" is enabled)
71
48
72
49
73
50
### Content Access Policy
74
51
75
-
You can also define a fine-grained Content Access Policy by blocking certain sections of the Hugging Face Hub.
52
+
Define a fine-grained Content Access Policy by blocking certain sections of the Hugging Face Hub.
76
53
77
54
For example, you can block your organization's members from accessing Spaces by adding `/spaces/*` to the blocked URLs. When users of your organization navigate to a page that matches the URL pattern, they'll be presented the following page:
0 commit comments