Hugging Face Stuck? Clash Split Rules for hf.co, CDN, and Git LFS in 2026

Why Hugging Face Feels Fast and Slow at the Same Time

In 2026, Hugging Face remains the default meeting point for open weights, public datasets, and the glue scripts that turn a README into a reproducible workflow. The experience is polished in a browser: search, model cards, and discussion threads load quickly enough that you assume the network is “fine.” Then you start the part that matters—model download, a git lfs pull, or a Python client streaming shards—and progress bars crawl, retries multiply, or the process hangs between small JSON responses and enormous binary payloads. That split personality is not random. Hub pages and API metadata often ride different paths than Git LFS objects and regional CDN edges, and Clash will happily route each hop through whatever rule wins first.

Clash and Mihomo-class cores apply split rules in strict first-match order. A broad GEOIP shortcut, a domestic-direct convenience line, or a subscription bundle that reshuffles merge order can send LFS traffic somewhere that works for short HTTPS probes yet throttles multi-gigabyte TLS streams. The symptom is maddening because the failure mode masquerades as “Hugging Face is down” when the real story is policy: your YAML never granted consistent coverage to every registrable domain the client actually uses.

This article stays in the lane of artifact delivery—repositories, LFS pointers, and large blobs—not chat API frontends. If you are debugging OpenAI-compatible HTTP routers instead, use the OpenRouter split-rule guide; the hostname list and failure shapes differ even though both sit under “AI infrastructure.” For shared vocabulary on GEOIP, MATCH, and merge discipline, keep the rule split guide open beside this page.

What Hostnames Actually Show Up for Hub, hf.co, and LFS

Start with the public name. The organization brands both huggingface.co and the short hf.co domain for links and redirects. In practice your tools may hit either form depending on clone URLs, CLI defaults, or documentation copy-pasted from different years. Treat both suffixes as first-class citizens in your profile rather than hoping one redirects cleanly through a domestic path you did not intend.

Repository operations—clone, fetch, and LFS batch exchanges—typically anchor on subdomains of the same registrable domains rather than a single monolithic host. Community runbooks mention patterns such as cdn-lfs.huggingface.co for large object delivery alongside the Git and Hub front doors you already recognize. Exact subdomains evolve with infrastructure, which is why this guide emphasizes DOMAIN-SUFFIX,huggingface.co and DOMAIN-SUFFIX,hf.co as the durable backbone, then invites you to add explicit DOMAIN lines only when your connection log proves a gap.

Python-centric workflows add another layer. The huggingface_hub library can talk to Hub APIs and Xet-style transports depending on version and configuration, which sometimes surfaces additional hostnames or shifts large transfers to endpoints that look like opaque storage hosts. When a tutorial says “just install and run,” the hidden assumption is that every hostname in that stack shares the same outbound policy. Clash does not read tutorials; it reads your rules.

If you mirror content internally or use enterprise caches, you may see overrides such as HF_ENDPOINT pointing at a private gateway. The routing lesson is unchanged: capture the suffix your organization actually uses and route it deliberately. A forgotten override is indistinguishable from a “broken VPN” until you read the environment and the log side by side.

Git LFS, Thin Clones, and Why HTML Speed Lies

Git LFS replaces giant blobs with text pointers in Git history while storing real bytes in a separate object store. Your Git client therefore performs a choreography: negotiate refs over Git HTTPS, discover LFS objects, then open parallel or sequential downloads against storage hosts that may live on different certificates, latencies, and congestion profiles than the initial HTML you used to browse the model card.

That separation is where split rules earn their keep. A policy that proxies the pretty website but leaves LFS on a congested or misclassified path produces the classic user complaint: “I can open the page, so why is git clone stuck at 0%?” Sometimes the inverse happens—LFS succeeds while Hub API calls for revision metadata fail—because two different lines in your subscription ruleset grabbed different halves of the suffix tree. Uniform suffix coverage avoids whack-a-mole.

Command-line users should remember that Git respects its own HTTP configuration and environment. Corporate proxies, custom http.sslBackend choices, or tools that bypass the OS resolver can all create “Clash says PROXY but Git says DIRECT” contradictions. Align Git with the same capture mode you use for the rest of the machine—system proxy, manual HTTP proxy environment variables, or TUN—before you blame the upstream storage cluster.

Give Hugging Face a Dedicated Proxy-Group

Names are cheap; confusion is expensive. Create a group such as HF_HUB or HUGGINGFACE and point your suffix rules at it even if, on day one, it contains the same nodes as your general PROXY pool. Separation buys operational clarity: when a 20 GB checkpoint stalls, you can rotate exits inside a small policy surface without touching streaming, gaming, or domestic-direct shortcuts you spent weeks stabilizing.

Inside the group, bias toward stability over leaderboard latency. Aggressive url-test flapping mid-transfer shows up as canceled ranged requests and mysterious resume failures. Prefer nodes with consistent throughput and sane peering to major clouds over the lowest ping to a speed-test host. If you must failover, widen tolerances and lengthen intervals so long downloads survive transient jitter.

If you are also tuning IDE assistants, resist merging unrelated stacks into one “AI mega-group.” Our Cursor IDE routing article documents a different hostname constellation; mixing concerns makes regressions harder to bisect when only one toolchain breaks after a subscription update.

Copy-Ready Rule Skeleton (Place Above GEOIP)

The fragment below is intentionally conservative. Insert it above broad GEOIP or catch-all domestic lines, then extend only with hostnames your connection log proves are missing—not with keyword soup copied from outdated forum posts.

# Conceptual excerpt — extend from your Mihomo / Clash logs
proxy-groups:
  - name: HF_HUB
    type: select
    proxies:
      - NODE-STABLE-1
      - NODE-STABLE-2
      - PROXY

rules:
  - DOMAIN-SUFFIX,hf.co,HF_HUB
  - DOMAIN-SUFFIX,huggingface.co,HF_HUB
  # Optional explicit rows if logs show gaps, e.g.:
  # - DOMAIN,cdn-lfs.huggingface.co,HF_HUB
  # ... your GEOIP / MATCH logic follows ...

First-match semantics reward boring discipline. If a subscription provider injects a GEOIP,CN,DIRECT line ahead of your developer exceptions because merge order changed overnight, you will spend hours blaming Hugging Face for a routing regression you introduced yourself. Fence personal overrides in a clearly marked YAML region or a user-controlled rule-provider you load after defaults, and re-check order whenever you import a new bundle. For import hygiene, revisit the subscription import guide before you chase ghosts in DNS.

DNS, Fake-IP, and CDN Flows That Arrive as Raw IPs

Clash’s DNS story and its rule engine are partners that sometimes argue. Under fake-ip, the core synthesizes short-lived answers so domain rules stay reliable—until a stubborn resolver bypasses your listener or an application pins its own DoH path. Desktop browsers, language runtimes, and Git builds each bring their own resolver habits. The user-visible result is familiar: YAML looks perfect, yet flows still walk the wrong group.

Align three knobs deliberately: the OS resolver path, Clash’s dns listeners and fallback policy, and whether TUN captures the downloader you care about. The TUN mode guide walks whole-machine capture with the same coupling in mind. Change one variable per experiment; otherwise you cannot attribute a fix.

Large CDN deliveries sometimes present as TLS connections to bare IPs after a redirect chain or inside libraries that reuse connections across hosts. When rules never see a domain, enable or refine Mihomo Sniffer logic with the usual caution: sniffing is powerful and can be wrong if mis-tuned, so pair it with log evidence rather than turning every protocol knob to maximum because a forum said so.

If you operate split DNS for work and home, remember that poisoned or split answers can steer clients toward geographically “close” edges that disagree with the exit country of your proxy. The browser may mask the pain while Git LFS exposes it immediately. Fix resolver alignment first; only then swap nodes.

Choosing Exits for Multi-Gigabyte Model Downloads

Not every proxy node is a good citizen for ranged GET requests over long durations. Some exits rate-limit sustained throughput, others reset idle TLS sessions aggressively, and a few peer poorly with the cloud regions where Hub storage fronts live. Practical selection prioritizes consistent completion over peak burst screenshots.

When downloads fail halfway, capture whether the failure correlates with time of day, a specific datacenter brand, or a particular country policy. If every exit in a region fails identically, suspect local ISP shaping or a middlebox before you declare the Hub broken. If only one node family fails, drop that family from HF_HUB and move on.

Remember compliance. Route traffic only through networks and accounts you are permitted to use, and respect Hugging Face terms alongside local regulations. This guide is about making intentional paths visible inside Clash, not about circumventing access controls you do not own.

Verification Order: Logs First, Then curl or Git, Then Node Roulette

Treat this sequence as a checklist, not a buffet. First, reproduce one failing transfer while logging is verbose enough to show rule hits, chosen policy groups, and outbound interfaces. Confirm flows that should be Hugging Face-related land in HF_HUB—not an accidental DIRECT escape or a catch-all PROXY you forgot to subdivide.

Second, run a minimal Git or HTTPS probe from the same environment as your failing tool, with proxy settings matched to reality. A git ls-remote against a public test repository or a short curl -I against a known Hub endpoint separates TLS and routing failures from application-level bugs. If the minimal probe succeeds while your training script fails, compare how each runtime resolves proxies.

Third, only then rotate nodes inside HF_HUB. Node issues are real, but they should not be your first guess when YAML order or DNS alignment is wrong. For scripted workflows, capture one representative hostname from the log and grep your rules for the suffix that should have matched; you will often find a silent merge regression instead of a “bad datacenter.”

huggingface-cli, Caches, and Environment Surprises

The official CLI and libraries honor cache directories and token files, but they also inherit the environment of the shell that launched them. A common footgun is running downloads under sudo or in a systemd service where HTTP_PROXY variables disappear, making Clash invisible to the process even though your interactive terminal works. Another is mixing conda, pipx, and system Python so that two different tool versions speak to Hub with two different transport stacks.

When you set endpoints or mirrors, print the effective configuration before blaming the network. A stray HF_ENDPOINT or legacy mirror variable can redirect traffic to hostnames outside your huggingface.co suffix assumptions. Update rules to match reality rather than forcing tools back to defaults you no longer use.

Closing Thoughts

Hugging Face is where models meet developers, and Git LFS with regional CDN delivery is how those models actually arrive on disk. Clash shines when you treat that delivery chain as a first-class routing problem: explicit DOMAIN-SUFFIX coverage for hf.co and huggingface.co, a dedicated proxy-group ordered ahead of GEOIP, DNS aligned with how you capture packets, and verification that begins in connection logs rather than forum YAML dumps. Compared with one-off browser extensions, a maintained Mihomo-class profile keeps Hub traffic next to the rest of your networking policy—where reproducible engineering belongs.

When you want installers and update paths without hunting scattered releases, start from one place. → Download Clash for free and experience the difference.