Security Controls
Local Bridge is designed to turn a local folder into a controlled public share without exposing more of your machine than necessary. These are the core controls that protect the public share and the local system behind it.
1. Password-Gated Access
When you run the CLI with --password, unauthenticated requests never reach the directory listing. Local Bridge serves a login screen first and only exposes files after a successful password check.
Password checks use constant-time comparison to reduce timing leakage. After a successful login, the server signs an HTTP-only session cookie with a per-process HMAC secret that lives only in memory.
2. Public URL TLS and Outbound Connections
Visitors connect to the public URL over HTTPS through Cloudflare. Local Bridge uses cloudflared to maintain an outbound connection to Cloudflare, so you do not have to expose inbound ports on your machine or router.
The local file server itself listens on local HTTP. The public leg benefits from TLS, but overall trust still depends on Cloudflare, the local network, and the security posture of the machine running the CLI.
3. Local Data Handling
Local Bridge stores license data, the registry of running background shares, and cached tunnel binaries under your local user profile. On Unix-like systems, files created by the CLI use owner-only directory and file modes where applicable.
On Windows, installation and runtime data live inside the current user's profile or local app data directories. This keeps operational data scoped to the machine user running the tool instead of a shared system location.
4. Protecting Secrets via Environment
Passing flags like --password "project-access" directly into the terminal can leak secrets into shell history. For production and team environments, we recommend using environment variables instead:
```shell
# Set the password via environment variable
LOCALBRIDGE_PASSWORD="project-access" localbridge ./secret-folder
```
Local Bridge checks the LOCALBRIDGE_PASSWORD variable before falling back to CLI arguments, keeping your history file cleaner. See the Configuration page for platform-specific instructions on setting environment variables.
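The login flow in section 1 (constant-time password check, HTTP-only session cookie signed with a per-process in-memory secret) and the environment-before-flag precedence in section 4, as an added Python illustration; this is not Local Bridge's own code. The cookie name `lb_session`, the `<id>.<expiry>.<mac>` layout, the session lifetime and the extra cookie attributes (SameSite, Secure) are assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Per-process secret: generated at startup, held only in memory, never persisted.
SESSION_SECRET = secrets.token_bytes(32)
SESSION_TTL_SECONDS = 8 * 3600  # assumed lifetime; the page does not state one
COOKIE_NAME = "lb_session"      # assumed name


def resolve_password(env: dict, cli_password: Optional[str]) -> Optional[str]:
    """LOCALBRIDGE_PASSWORD wins over --password, as section 4 describes."""
    return env.get("LOCALBRIDGE_PASSWORD") or cli_password


def check_password(supplied: str, expected: str) -> bool:
    """Constant-time comparison: the time taken does not depend on how many
    leading characters of the guess were correct."""
    return hmac.compare_digest(supplied.encode(), expected.encode())


def _sign(payload: str, secret: bytes) -> str:
    return hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()


def issue_session_cookie(secret: bytes = SESSION_SECRET,
                         now: Optional[float] = None) -> str:
    """Cookie value '<random session id>.<unix expiry>.<hmac-sha256>'."""
    now = time.time() if now is None else now
    payload = f"{secrets.token_urlsafe(16)}.{int(now) + SESSION_TTL_SECONDS}"
    return f"{payload}.{_sign(payload, secret)}"


def set_cookie_header(value: str) -> str:
    """HttpOnly keeps page scripts from reading the cookie; Secure and SameSite
    are assumed additions that fit the HTTPS public URL."""
    return f"Set-Cookie: {COOKIE_NAME}={value}; HttpOnly; Secure; SameSite=Lax; Path=/"


def verify_session_cookie(value: str, secret: bytes = SESSION_SECRET,
                          now: Optional[float] = None) -> bool:
    """True only if the MAC matches under this process's secret and the
    session has not expired. A restart rotates the secret, so old cookies die."""
    now = time.time() if now is None else now
    parts = value.split(".")
    if len(parts) != 3:
        return False
    session_id, expiry, mac = parts
    payload = f"{session_id}.{expiry}"
    if not hmac.compare_digest(_sign(payload, secret), mac):
        return False
    return expiry.isdigit() and int(expiry) > now


if __name__ == "__main__":
    pw = resolve_password({"LOCALBRIDGE_PASSWORD": "project-access"}, None)
    if check_password("project-access", pw):
        cookie = issue_session_cookie()
        print(set_cookie_header(cookie))
        print("valid:", verify_session_cookie(cookie))
```

Tampering with any character of the cookie, or presenting it to a freshly started process (new secret), fails verification; the comparison of the MAC itself also uses `compare_digest`.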
5. Per-IP Rate Limiting
Local Bridge includes an in-memory per-IP rate limiter that intercepts requests before they reach the file handler. The default is 60 requests per minute per IP. Override it with --rate-limit 30 or LOCALBRIDGE_RATE_LIMIT=30.
When a client exceeds the limit, Local Bridge returns HTTP 429 Too Many Requests. Periodic cleanup removes stale counters so long-lived shares do not accumulate unbounded limiter state.
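A sliding-window per-IP limiter with the page's 60-requests-per-minute default, a 429 response once the limit is hit, and a cleanup pass that drops idle counters, written here as an added Python illustration rather than Local Bridge's own implementation. The five-minute staleness threshold, the `Retry-After` header and the injected clock are assumptions for demonstration.

```python
import math
import time
from collections import deque
from typing import Deque, Dict, Optional, Tuple

DEFAULT_LIMIT = 60            # requests per minute per IP (the page's default)
WINDOW_SECONDS = 60.0
STALE_AFTER_SECONDS = 300.0   # assumed: forget an IP after five idle minutes


class PerIpRateLimiter:
    """In-memory sliding window: one deque of hit timestamps per client IP."""

    def __init__(self, limit: int = DEFAULT_LIMIT, clock=time.monotonic):
        self.limit = limit
        self.clock = clock            # injectable for deterministic tests
        self._hits: Dict[str, Deque[float]] = {}

    def allow(self, ip: str, now: Optional[float] = None) -> bool:
        now = self.clock() if now is None else now
        q = self._hits.setdefault(ip, deque())
        while q and now - q[0] >= WINDOW_SECONDS:   # expire hits older than 60 s
            q.popleft()
        if len(q) >= self.limit:
            return False                             # rejected hits are not counted
        q.append(now)
        return True

    def retry_after(self, ip: str, now: Optional[float] = None) -> int:
        """Seconds until the oldest hit in the window expires."""
        now = self.clock() if now is None else now
        q = self._hits.get(ip)
        if not q:
            return 0
        return max(0, math.ceil(WINDOW_SECONDS - (now - q[0])))

    def cleanup(self, now: Optional[float] = None) -> int:
        """Periodic sweep so a long-lived share does not keep a deque per IP
        it ever saw. Returns the number of entries removed."""
        now = self.clock() if now is None else now
        stale = [ip for ip, q in self._hits.items()
                 if not q or now - q[-1] >= STALE_AFTER_SECONDS]
        for ip in stale:
            del self._hits[ip]
        return len(stale)

    def tracked_ips(self) -> int:
        return len(self._hits)


def handle_request(limiter: PerIpRateLimiter, ip: str,
                   now: Optional[float] = None) -> Tuple[int, Dict[str, str]]:
    """Runs before the file handler; returns (status, headers)."""
    if not limiter.allow(ip, now):
        return 429, {"Retry-After": str(limiter.retry_after(ip, now))}
    return 200, {}


if __name__ == "__main__":
    lim = PerIpRateLimiter(limit=3)
    for _ in range(4):
        print(handle_request(lim, "203.0.113.7"))   # constructed client address
```

Because rejected requests are not recorded, a client that keeps hammering after a 429 does not push its own window further out; the cleanup pass should be scheduled on a timer (for instance once a minute) rather than on every request.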
6. Path Safety and Ignore Rules
Local Bridge validates requested paths against the configured root directory and resolves symlinks before serving content. That helps block traversal attempts that try to escape the shared folder.
Create a .lbignore file to exclude sensitive paths from the public share. Ignore rules are enforced at request time, so a hidden file still returns 404 Not Found even if someone guesses the direct URL.
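Path validation against the root with symlink resolution, plus request-time `.lbignore` enforcement that answers 404 for hidden files, as an added Python illustration (not Local Bridge's code). The page does not document the `.lbignore` syntax or the status code for a blocked traversal, so this example assumes one glob pattern per line with `#` comments, and answers 404 for escapes as well so the response does not reveal whether the target exists. The sample share tree is constructed in a temporary directory.

```python
import fnmatch
import os
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple
from urllib.parse import unquote

IGNORE_FILE = ".lbignore"


def load_ignore_rules(root: Path) -> List[str]:
    """Assumed format: one glob per line; blank lines and '#' comments skipped."""
    f = root / IGNORE_FILE
    if not f.is_file():
        return []
    return [ln.strip() for ln in f.read_text().splitlines()
            if ln.strip() and not ln.strip().startswith("#")]


def is_ignored(rel_path: str, rules: List[str]) -> bool:
    """A rule hides the full relative path, any single component, or any
    parent prefix, so 'private' also hides 'private/keys.txt'."""
    parts = rel_path.split("/")
    candidates = {rel_path, *parts}
    candidates.update("/".join(parts[:i]) for i in range(1, len(parts)))
    return any(fnmatch.fnmatch(c, rule) for c in candidates for rule in rules)


def resolve_request(root: Path, url_path: str) -> Tuple[int, Optional[Path]]:
    """Map a URL path to a file under root. 404 when the resolved target
    escapes root (after '..' and symlink resolution), matches an ignore rule,
    or does not exist."""
    root = root.resolve()
    rel = unquote(url_path).lstrip("/")        # decode %2e%2e before checking
    if "\x00" in rel:
        return 404, None
    requested = Path(os.path.normpath(rel)).as_posix()
    candidate = (root / rel).resolve()
    try:
        rel_resolved = candidate.relative_to(root).as_posix()
    except ValueError:
        return 404, None                        # escaped the shared folder
    if not candidate.exists():
        return 404, None
    rules = load_ignore_rules(root) + [IGNORE_FILE]   # never serve the rule file
    if is_ignored(requested, rules) or is_ignored(rel_resolved, rules):
        return 404, None
    return 200, candidate


def build_sample_tree() -> Path:
    """Constructed share: public docs, ignored secrets, and a symlink that
    points outside the root."""
    base = Path(tempfile.mkdtemp(prefix="lb-demo-"))
    root = base / "share"
    (root / "docs").mkdir(parents=True)
    (root / "docs" / "readme.txt").write_text("public\n")
    (root / "private").mkdir()
    (root / "private" / "keys.txt").write_text("constructed secret\n")
    (root / ".env").write_text("TOKEN=constructed\n")
    (root / IGNORE_FILE).write_text("# constructed rules\n.env\nprivate\n")
    outside = base / "outside"
    outside.mkdir()
    (outside / "secret.txt").write_text("outside the share\n")
    os.symlink(outside / "secret.txt", root / "escape")
    return root


if __name__ == "__main__":
    r = build_sample_tree()
    for p in ["/docs/readme.txt", "/../outside/secret.txt", "/escape", "/.env"]:
        print(p, "->", resolve_request(r, p)[0])
```

Checking both the requested path and the resolved path against the rules matters: a symlink inside the share that points at an ignored file would otherwise bypass the rule, and resolving before the root check is what defeats the symlink-out-of-root case.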
7. License Verification Transparency
Local Bridge verifies your license once every 24 hours, with a 7-day offline grace period. Here is exactly what is sent and what is not:
What IS sent
- ✓ Your license key
- ✓ Device ID (SHA-256 hash of hostname + username)
- ✓ CLI version number
- ✓ OS and architecture (for upgrade checks)
What is NEVER sent
- ✗ File names or file contents
- ✗ Folder paths you are sharing
- ✗ IP addresses of people accessing your shares
- ✗ Usage statistics or analytics
- ✗ Environment variables or system info
The device identifier is a one-way hash. It cannot be reversed to recover your hostname or username. You can verify the exact network calls yourself with a tool like Wireshark or mitmproxy. For a complete legal description of data handling, see the Privacy Policy.
8. Reporting Vulnerabilities
If you discover a security vulnerability in Local Bridge, please report it privately. Do not open a public GitHub issue.
| Contact | [email protected] |
| --- | --- |
| Acknowledgment | Within 48 hours |
| Critical fixes | Patch within 7 days |
| High severity | Patch within 30 days |
| Supported | Latest stable release (currently v1.0.x) |
In scope: path traversal, authentication bypass, information disclosure, remote code execution, and any issue that lets an attacker access files outside the shared directory.
Out of scope: denial-of-service on the local server (inherent to the design), Cloudflare infrastructure vulnerabilities (report to Cloudflare), and self-inflicted issues from sharing a root directory.
Responsible disclosers will be credited on this page (with your permission) and may receive a complimentary license extension.