FrontLLM Security

Exposing LLM capabilities to web applications introduces several security considerations. Nobody wants to pay for unexpected usage. In this article, we describe the FrontLLM features that help you secure your application and control costs.

Don’t Expose Your Gateway ID Publicly​

When you create a Gateway in FrontLLM, you receive a unique Gateway ID. This ID is used by your web application to connect to the Gateway and access LLM capabilities.
You can use this ID in your frontend code, but you should avoid exposing it in any publicly accessible code. We recommend accessing FrontLLM only from parts of your application that require user authentication or you checked the user is not a bot.

Rate Limits​

FrontLLM Gateways include built-in rate limits to prevent abuse and unexpected costs. We support the following rate-limiting options:

• Maximum requests per IP per hour
• Maximum requests per IP per 24 hours
• Maximum requests per hour
• Maximum requests per 24 hours

Maximum Tokens per Request​

You can configure the maximum number of tokens allowed in a single request to your Gateway. This helps prevent excessively large requests that could result in higher costs.

Limit Access to Models​

You can restrict which models are available through your Gateway. This allows you to control costs by limiting access to more expensive models.

Define Allowed Domains​

You can specify a list of allowed domains that can access your Gateway. This helps prevent unauthorized access from unknown sources.
FrontLLM enforces this restriction using the Referer header - note that this header can be spoofed, so it should not be your only layer of protection.