From e392eb16259c62711b8d72bc36c5d585e503d774 Mon Sep 17 00:00:00 2001 From: Bertrand Chevrier Date: Wed, 20 Nov 2024 12:00:36 +0100 Subject: [PATCH 1/5] feat: network security page --- docs/hub/enterprise-hub-network-security.md | 81 +++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 docs/hub/enterprise-hub-network-security.md diff --git a/docs/hub/enterprise-hub-network-security.md b/docs/hub/enterprise-hub-network-security.md new file mode 100644 index 000000000..063ecdb9a --- /dev/null +++ b/docs/hub/enterprise-hub-network-security.md @@ -0,0 +1,81 @@ +# Network Security + + +This feature is part of the Enterprise Hub __Plus__ plan. + + +## Define your organization IP Ranges + +You can list the IP addresses of your organization's outbound traffic to apply for higher rate limits and/or to enforce authenticated access to Hugging Face from your corporate network. +The outbound IP address ranges are defined in CIDR format. For example, `52.219.168.0/24` or `2600:1f69:7400::/40`. + +You can set multiple ranges, one per line. + +
+Screenshot of the Organization IP Ranges field. + +
+ + +## Higher Rate Limits + +Apply for higher rate-limits for your organization. + +Most of the actions on the Hub have limits, for example, users are limited to creating to a certain number of repositories per day. This option allows your organization to apply for higher limits for your organization members. + +To activate this option, + +1. Toggle on the "Higher Hub rate-limits" option + +
+Screenshot of the toggle to enable High rate-limits. + +
+ +Please note, you're Enterprise Hub Plus subscription will be verified when activating this option. + +2. Ensure the Organization IP Ranges is defined + +Once defined, higher rate limits will apply to the member of your organization with IPs matching the defined ranges. + + +## Enforce authenticated access to the Hugging Face Hub + +This option will ensure only authenticated users from your organization will be able to access the Hugging Face Hub. All public pages will show the following message if access unauthenticated: + +
+Screenshot of restricted pages on the Hub. + +
+ +1. Toggle on the "Enforce authenticated access to the Hub" option + +
+Screenshot of the toggle to enable Enforced authenticated access to the Hub. + +
+ +Please note, you're Enterprise Hub Plus subscription will be verified when activating this option. + +2. Ensure the Organization IP Ranges is defined + + +### Content Access Policy + +You can also define a fine grained Content Access Policy by blocking some section of the Hugging Face Hub. + +For example, you can block your organization's members to access Spaces, by adding `/spaces/*` to the blocked URLs. When users of your organization will navigate to a page that matches the URL pattern they'll be presented the following page: + +
+Screenshot of blocked pages on the Hub. + +
+ +To define Blocked URLs, enter URL patterns, without the domain name, one per line: + +
+Screenshot of blocked pages on the Hub. + +
+ +The Allowed URLs field, enables you to define some exception to the blocking rules, especially. For example by allowing a specific URL within the Blocked URLs pattern, ie `/spaces/meta-llama/*` From 63d4311f73cf694bbff82f23e0c81b524f46ef60 Mon Sep 17 00:00:00 2001 From: Bertrand Chevrier Date: Wed, 20 Nov 2024 12:01:48 +0100 Subject: [PATCH 2/5] update toc --- docs/hub/_toctree.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/hub/_toctree.yml b/docs/hub/_toctree.yml index 0e0bc99bf..111807d6f 100644 --- a/docs/hub/_toctree.yml +++ b/docs/hub/_toctree.yml @@ -346,6 +346,8 @@ title: Tokens Management - local: enterprise-hub-analytics title: Analytics + - local: enterprise-hub-network-security + title: Network Security - local: billing title: Billing - local: security From a9c595a6b4617f7e31fc75580922ac26981e8f14 Mon Sep 17 00:00:00 2001 From: Bertrand Chevrier Date: Wed, 20 Nov 2024 12:32:54 +0100 Subject: [PATCH 3/5] fix: image urls and format --- docs/hub/enterprise-hub-network-security.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/hub/enterprise-hub-network-security.md b/docs/hub/enterprise-hub-network-security.md index 063ecdb9a..df7605b81 100644 --- a/docs/hub/enterprise-hub-network-security.md +++ b/docs/hub/enterprise-hub-network-security.md @@ -1,7 +1,7 @@ # Network Security -This feature is part of the Enterprise Hub __Plus__ plan. +This feature is part of the Enterprise Hub Plus plan. ## Define your organization IP Ranges @@ -74,8 +74,8 @@ For example, you can block your organization's members to access Spaces, by addi To define Blocked URLs, enter URL patterns, without the domain name, one per line:
-Screenshot of blocked pages on the Hub. - +Screenshot of blocked pages on the Hub. +
The Allowed URLs field, enables you to define some exception to the blocking rules, especially. For example by allowing a specific URL within the Blocked URLs pattern, ie `/spaces/meta-llama/*` From 8162c642f977c23ec53dd9a769ea27837e95d4b1 Mon Sep 17 00:00:00 2001 From: Bertrand CHEVRIER Date: Wed, 20 Nov 2024 13:42:36 +0100 Subject: [PATCH 4/5] Apply suggestions from code review Co-authored-by: Julien Chaumond --- docs/hub/enterprise-hub-network-security.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/hub/enterprise-hub-network-security.md b/docs/hub/enterprise-hub-network-security.md index df7605b81..ceef2d5ee 100644 --- a/docs/hub/enterprise-hub-network-security.md +++ b/docs/hub/enterprise-hub-network-security.md @@ -1,7 +1,7 @@ # Network Security -This feature is part of the Enterprise Hub Plus plan. +This feature is part of the Enterprise Plus plan. ## Define your organization IP Ranges @@ -32,7 +32,7 @@ To activate this option, -Please note, you're Enterprise Hub Plus subscription will be verified when activating this option. +Please note, your Enterprise Hub Plus subscription will be verified when activating this option. 2. Ensure the Organization IP Ranges is defined @@ -41,7 +41,7 @@ Once defined, higher rate limits will apply to the member of your organization w ## Enforce authenticated access to the Hugging Face Hub -This option will ensure only authenticated users from your organization will be able to access the Hugging Face Hub. All public pages will show the following message if access unauthenticated: +This option will ensure that, when browsing from your corporate network, only authenticated users belonging to your organization are able to access the Hugging Face Hub. All public pages will show the following message if access unauthenticated:
Screenshot of restricted pages on the Hub. @@ -55,7 +55,7 @@ This option will ensure only authenticated users from your organization will be
-Please note, you're Enterprise Hub Plus subscription will be verified when activating this option. +Please note, your Enterprise Hub Plus subscription will be verified when activating this option. 2. Ensure the Organization IP Ranges is defined From c56d3f42898f8167d5e9cd9ba60cf9be1218ac2e Mon Sep 17 00:00:00 2001 From: Bertrand Chevrier Date: Wed, 20 Nov 2024 13:47:14 +0100 Subject: [PATCH 5/5] fix: add to enterprise section --- docs/hub/enterprise-hub.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/hub/enterprise-hub.md b/docs/hub/enterprise-hub.md index f171b3611..cf26aedf9 100644 --- a/docs/hub/enterprise-hub.md +++ b/docs/hub/enterprise-hub.md @@ -22,3 +22,4 @@ In this section we will document the following Enterprise Hub features: - [Advanced Security](./enterprise-hub-advanced-security) - [Tokens Management](./enterprise-hub-tokens-management) - [Analytics](./enterprise-hub-analytics) +- [Network Security](./enterprise-hub-network-security)