Default server host to localhost for improved security

codelion · codelion · commit 774e981cec29 · 2025-12-24T21:54:17.000+05:30
Set the default server host to '127.0.0.1' in server configuration and update all relevant server start calls to use this value. Updated README with a security note explaining the default binding and instructions for allowing external connections. This change helps prevent unintended external access by default.
diff --git a/README.md b/README.md
@@ -216,15 +216,15 @@ You can then run the optillm proxy as follows.
 ```bash
 python optillm.py
 2024-09-06 07:57:14,191 - INFO - Starting server with approach: auto
-2024-09-06 07:57:14,191 - INFO - Server configuration: {'approach': 'auto', 'mcts_simulations': 2, 'mcts_exploration': 0.2, 'mcts_depth': 1, 'best_of_n': 3, 'model': 'gpt-4o-mini', 'rstar_max_depth': 3, 'rstar_num_rollouts': 5, 'rstar_c': 1.4, 'base_url': ''}
+2024-09-06 07:57:14,191 - INFO - Server configuration: {'approach': 'auto', 'mcts_simulations': 2, 'mcts_exploration': 0.2, 'mcts_depth': 1, 'best_of_n': 3, 'model': 'gpt-4o-mini', 'rstar_max_depth': 3, 'rstar_num_rollouts': 5, 'rstar_c': 1.4, 'base_url': '', 'host': '127.0.0.1'}
  * Serving Flask app 'optillm'
  * Debug mode: off
 2024-09-06 07:57:14,212 - INFO - WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
- * Running on all addresses (0.0.0.0)
  * Running on http://127.0.0.1:8000
- * Running on http://192.168.10.48:8000
 2024-09-06 07:57:14,212 - INFO - Press CTRL+C to quit
 ```
+
+> **Security Note**: By default, optillm binds to `127.0.0.1` (localhost only) for security. To allow external connections (e.g., for Docker or remote access), use `--host 0.0.0.0`. Only do this on trusted networks or with proper authentication configured via `--optillm-api-key`.
 ## Usage
 
 Once the proxy is running, you can use it as a drop in replacement for an OpenAI client by setting the `base_url` as `http://localhost:8000/v1`.
diff --git a/optillm/server.py b/optillm/server.py
@@ -189,6 +189,7 @@ def count_reasoning_tokens(text: str, tokenizer=None) -> int:
     'base_url': '',
     'optillm_api_key': '',
     'return_full_response': False,
+    'host': '127.0.0.1',  # Default to localhost for security; use 0.0.0.0 to allow external connections
     'port': 8000,
     'log': 'info',
     'ssl_verify': True,
@@ -1264,7 +1265,8 @@ def process_batch_requests(batch_requests):
             import gradio as gr
             # Start server in a separate thread
             import threading
-            server_thread = threading.Thread(target=app.run, kwargs={'host': '0.0.0.0', 'port': port})
+            host = server_config['host']
+            server_thread = threading.Thread(target=app.run, kwargs={'host': host, 'port': port})
             server_thread.daemon = True
             server_thread.start()
             
@@ -1311,12 +1313,12 @@ def chat_with_optillm(message, history):
                 description=f"Connected to OptILLM proxy at {base_url}"
             )
             demo.queue()  # Enable queue to handle long operations properly
-            demo.launch(server_name="0.0.0.0", share=False)
+            demo.launch(server_name=host, share=False)
         except ImportError:
             logger.error("Gradio is required for GUI. Install it with: pip install gradio")
             return
         
-    app.run(host='0.0.0.0', port=port)
+    app.run(host=server_config['host'], port=port)
 
 if __name__ == "__main__":
     main()
