diff --git a/docs/hub/_toctree.yml b/docs/hub/_toctree.yml index 0e0bc99bf..111807d6f 100644 --- a/docs/hub/_toctree.yml +++ b/docs/hub/_toctree.yml @@ -346,6 +346,8 @@ title: Tokens Management - local: enterprise-hub-analytics title: Analytics + - local: enterprise-hub-network-security + title: Network Security - local: billing title: Billing - local: security diff --git a/docs/hub/enterprise-hub-network-security.md b/docs/hub/enterprise-hub-network-security.md new file mode 100644 index 000000000..ceef2d5ee --- /dev/null +++ b/docs/hub/enterprise-hub-network-security.md @@ -0,0 +1,81 @@ +# Network Security + + +This feature is part of the Enterprise Plus plan. + + +## Define your organization IP Ranges + +You can list the IP addresses of your organization's outbound traffic to apply for higher rate limits and/or to enforce authenticated access to Hugging Face from your corporate network. +The outbound IP address ranges are defined in CIDR format. For example, `52.219.168.0/24` or `2600:1f69:7400::/40`. + +You can set multiple ranges, one per line. + +
+Screenshot of the Organization IP Ranges field. + +
+ + +## Higher Rate Limits + +Apply for higher rate-limits for your organization. + +Most of the actions on the Hub have limits, for example, users are limited to creating to a certain number of repositories per day. This option allows your organization to apply for higher limits for your organization members. + +To activate this option, + +1. Toggle on the "Higher Hub rate-limits" option + +
+Screenshot of the toggle to enable High rate-limits. + +
+ +Please note, your Enterprise Hub Plus subscription will be verified when activating this option. + +2. Ensure the Organization IP Ranges is defined + +Once defined, higher rate limits will apply to the member of your organization with IPs matching the defined ranges. + + +## Enforce authenticated access to the Hugging Face Hub + +This option will ensure that, when browsing from your corporate network, only authenticated users belonging to your organization are able to access the Hugging Face Hub. All public pages will show the following message if access unauthenticated: + +
+Screenshot of restricted pages on the Hub. + +
+ +1. Toggle on the "Enforce authenticated access to the Hub" option + +
+Screenshot of the toggle to enable Enforced authenticated access to the Hub. + +
+ +Please note, your Enterprise Hub Plus subscription will be verified when activating this option. + +2. Ensure the Organization IP Ranges is defined + + +### Content Access Policy + +You can also define a fine grained Content Access Policy by blocking some section of the Hugging Face Hub. + +For example, you can block your organization's members to access Spaces, by adding `/spaces/*` to the blocked URLs. When users of your organization will navigate to a page that matches the URL pattern they'll be presented the following page: + +
+Screenshot of blocked pages on the Hub. + +
+ +To define Blocked URLs, enter URL patterns, without the domain name, one per line: + +
+Screenshot of blocked pages on the Hub. + +
+ +The Allowed URLs field, enables you to define some exception to the blocking rules, especially. For example by allowing a specific URL within the Blocked URLs pattern, ie `/spaces/meta-llama/*` diff --git a/docs/hub/enterprise-hub.md b/docs/hub/enterprise-hub.md index f171b3611..cf26aedf9 100644 --- a/docs/hub/enterprise-hub.md +++ b/docs/hub/enterprise-hub.md @@ -22,3 +22,4 @@ In this section we will document the following Enterprise Hub features: - [Advanced Security](./enterprise-hub-advanced-security) - [Tokens Management](./enterprise-hub-tokens-management) - [Analytics](./enterprise-hub-analytics) +- [Network Security](./enterprise-hub-network-security)