-
Notifications
You must be signed in to change notification settings - Fork 0
Rate Limits and Sessions
GhostlyShare is built for temporary public access. The app keeps several session types separate: the public sharing session, warm tunnel slots, Cloudflare quick-tunnel cooldowns, custom-domain cleanup state, and password visitor sessions.
In the desktop app, an app card is live while sharing is enabled for that app. When
you stop sharing, GhostlyShare disables forwarding for that public URL. It may keep
the underlying tunnel process warm while GhostlyShare is still open, so seeing a
cloudflared process does not always mean a public link is active.
In the CLI, the running command is the session:
ghs share 5173Keep the terminal process open while the public link should work. Press Ctrl+C to
stop sharing and let GhostlyShare clean up. There is no CLI background daemon and
no separate ghs stop or ghs list command.
A public sharing session can have an optional lifetime. When the lifetime expires, GhostlyShare stops sharing the public link automatically.
In the desktop app, choose the clock option before going public or while the link
is live. In the CLI, use --expires-after when starting ghs share:
ghs share 5173 --expires-after 15m
ghs share 5173 --expires-after todayLimits:
| Setting | Behavior |
|---|---|
| Minimum lifetime | 1 minute |
| Maximum lifetime | 40 days, 23 hours, 59 minutes |
| Desktop custom minutes | 0 to 59 |
| Desktop custom hours | 0 to 23 |
| Desktop custom days | 0 to 40 |
The lifetime starts after the public link is successfully online. Manual stop, closing GhostlyShare, or stopping the CLI process ends the session earlier.
If you change the desktop lifetime while the link is live, GhostlyShare replaces the current timer. Choosing Open removes the timer for the current link.
GhostlyShare allows up to 3 public apps at the same time. This limit is intentional: it keeps local proxy state simple and helps avoid creating too many Cloudflare quick tunnels in a short time.
If 3 active public apps are already live, starting another one is rejected until you stop one of them.
GhostlyShare can also keep inactive tunnels warm. If 3 warm slots are full and at least one is inactive, GhostlyShare may stop the oldest inactive tunnel so a new app can be shared.
Random trycloudflare.com links use Cloudflare quick tunnels. If Cloudflare rejects
a quick-tunnel start because too many were created recently, GhostlyShare records a
local cooldown and avoids repeatedly asking Cloudflare during that period.
Cooldown behavior:
| Consecutive quick-tunnel rate limit | Cooldown |
|---|---|
| First detected rate limit | 1 hour |
| Second consecutive detected rate limit | 3 hours |
| Third and later consecutive detected rate limits | 6 hours |
An active cooldown is not extended just because GhostlyShare checks it again. A successful tunnel start clears the saved cooldown state.
The cooldown state is saved in GhostlyShare's user data as tunnel-state.json, so
the desktop app and CLI can see the same local cooldown for the same user profile.
This cooldown is for random quick-tunnel creation. Custom domains use your Cloudflare account, DNS records, and managed tunnels; they can still be affected by Cloudflare API, DNS, or account limits, but they are not governed by this quick-tunnel cooldown.
Custom domains create Cloudflare resources for the selected hostname:
- A Cloudflare tunnel.
- A proxied CNAME DNS record with Cloudflare automatic TTL.
- A local managed tunnel process.
- An in-memory session entry while GhostlyShare is running.
When sharing stops normally, GhostlyShare attempts to remove the temporary DNS record and tunnel and stop the managed tunnel process. If the app is force-killed, the machine loses power, or cleanup cannot reach Cloudflare, cleanup may not finish. In that case, inspect your Cloudflare dashboard and remove leftover GhostlyShare tunnels or DNS records if needed.
Password protection has its own visitor session. After the correct password is
entered, GhostlyShare sets a signed ghostlyshare_access browser cookie for the
current tunnel route.
Defaults and limits:
| Setting | Behavior |
|---|---|
| Password length | 8 to 32 characters |
| Failed attempts before lockout | Default 3, configurable 3 to 10 |
| Lockout duration | 5 minutes |
| Password session duration | Default 30 minutes |
| CLI session duration range | 5 to 1440 minutes |
| Desktop session choices | 5 min, 15 min, 30 min, 1 hour, 4 hours, 24 hours |
The password cookie is tied to the current tunnel route session and signed with a route-specific secret. It expires at the configured time and is invalid after the link is stopped and started again. The session is not sliding; continuing to browse does not extend the original expiration.
In the desktop app, changing or removing password protection while a link is live also rotates the route session. Existing visitor password cookies from the previous settings are invalid for new requests.
During password lockout, GhostlyShare returns 429 Too Many Requests with
Retry-After: 300. Even the correct password is rejected until the 5-minute lockout
has expired.
- Home
- Installation
- Getting Started
- Command Line Interface
- Security and Privacy
- App Detection
- App Merging
- Going Public
- Traffic Statistics
- Link Lifetime
- Password Protection
- Rate Limits and Sessions
- Custom Domains
- Cleanup and Uninstall
- Known Limitations
- Windows and Linux
- Troubleshooting
- Report Bugs / Request Features
- Testing Checklist
- FAQ