-
Notifications
You must be signed in to change notification settings - Fork 0
Security and Privacy
Public GhostlyShare links expose the selected local app to the internet.
Only expose apps you own, trust, and are allowed to share. Public links are useful for demos, temporary reviews, webhook testing, and quick device testing, but they should still be treated carefully.
Do not expose:
- Private admin panels.
- Company-internal systems.
- Database tools.
- Operating system or router services.
- Infrastructure, VPN, printer, or proxy services.
- Anything that contains private customer, company, or personal data.
GhostlyShare intentionally hides some system and infrastructure ports to reduce the chance of accidental exposure.
Password protection protects the GhostlyShare public link. When it is enabled, visitors must enter the password before GhostlyShare forwards traffic to the local app.
This is useful for private demos and temporary testing, but the local app should still be treated carefully. Password protection is not a full user-management system and does not replace careful sharing.
Password visitor sessions expire. The default is 30 minutes, and failed password attempts from the same visitor are locked for 5 minutes after the configured limit is reached. See Password Protection for the exact behavior.
Never post these in public GitHub issues:
- Cloudflare API tokens.
- Passwords.
- Private public URLs.
- Logs that contain secrets.
- Customer or company data.
Remove or redact secrets before posting logs or examples.
- Home
- Installation
- Getting Started
- Command Line Interface
- Security and Privacy
- App Detection
- App Merging
- Going Public
- Traffic Statistics
- Link Lifetime
- Password Protection
- Rate Limits and Sessions
- Custom Domains
- Cleanup and Uninstall
- Known Limitations
- Windows and Linux
- Troubleshooting
- Report Bugs / Request Features
- Testing Checklist
- FAQ