(blogs.cisco.com)

166 points rldjbpin | 1 comments | 03 Sep 25 08:18 UTC | HN request time: 0s | source

Show context

alexandru_m ◴[03 Sep 25 10:25 UTC] No.45114142[source]▶

Apparently, protecting the API is not planned: https://github.com/ollama/ollama/issues/849

For my own purposes I either restrict ollama's ports in the firewall, or I put some proxy in front of it that blocks access of some header with some predefined api key is not present. Kind of clunky, but it works.

replies(5): >>45114147 #>>45114943 #>>45114992 #>>45117832 #>>45120566 #

omneity ◴[03 Sep 25 12:33 UTC] No.45114943[source]▶

>>45114142 #

Yeah it’s a pretty crazy decision to be honest. Flashbacks to MongoDB and ElasticSearch’s early days.

Fortunately it’s an easy fix. Just front it with nginx or caddy and expect a bearer token (that would be your api key)

replies(2): >>45118733 #>>45120587 #

1. ozim ◴[03 Sep 25 21:26 UTC] No.45120587[source]▶

>>45114943 #

I would say it is reasonable decision as fronting with proxy is quite good approach. Unfortunately lots of non tech people want to “just run it”

↑

Finding thousands of exposed Ollama instances using Shodan