Skip to main content
This feature is currently in public preview and is not recommended for production use.
Domain filtering lets you control which external domains a sandbox can reach. You can define an allowlist (only listed domains are reachable) or a denylist (all domains except listed ones are reachable). Domain filtering and proxy routing are independent configurations — you do not need to duplicate domains across both. A domain can appear in the allowlist without having a proxy routing rule, and vice versa.
Domain filtering relies on the sandbox’s tools and libraries respecting the standard proxy environment variables (HTTP_PROXY, HTTPS_PROXY). Traffic from tools that ignore proxy environment variables will not be filtered unless domain filter enforcement is enabled.

Allowlist

Only the listed domains are reachable:
await SandboxInstance.create({
  name: "restricted-sandbox",
  image: "blaxel/base-image:latest",
  region: "us-was-1",
  network: {
    allowedDomains: ["api.stripe.com", "api.openai.com", "*.s3.amazonaws.com"],
    proxy: { routing: [] },
  },
});
await SandboxInstance.create({
    "name": "restricted-sandbox",
    "image": "blaxel/base-image:latest",
    "region": "us-was-1",
    "network": {
        "allowedDomains": ["api.stripe.com", "api.openai.com", "*.s3.amazonaws.com"],
        "proxy": {"routing": []},
    },
})

Denylist

All domains except the listed ones are reachable:
await SandboxInstance.create({
  name: "denylist-sandbox",
  image: "blaxel/base-image:latest",
  region: "us-was-1",
  network: {
    forbiddenDomains: ["*.malware.com", "evil.example.org"],
    proxy: { routing: [] },
  },
});
await SandboxInstance.create({
    "name": "denylist-sandbox",
    "image": "blaxel/base-image:latest",
    "region": "us-was-1",
    "network": {
        "forbiddenDomains": ["*.malware.com", "evil.example.org"],
        "proxy": {"routing": []},
    },
})
When both allowedDomains and forbiddenDomains are set, allowedDomains takes precedence: a domain that appears in both lists will be allowed.

Domain filter enforcement

By default, domain filtering depends on the sandbox’s tools respecting HTTP_PROXY and HTTPS_PROXY. To enforce filtering even for tools that bypass those variables, add a firewall config with rulesets: ["proxy"]. This forces all outbound traffic to flow through the proxy at the network level.
await SandboxInstance.createIfNotExists({
  name: "enforced-sandbox",
  image: "blaxel/base-image:latest",
  region: "us-was-1",
  network: {
    firewall: { rulesets: ["proxy"] },
    allowedDomains: ["httpbin.org"],
    proxy: { routing: [] },
  },
});
await SandboxInstance.create_if_not_exists({
    "name": "enforced-sandbox",
    "image": "blaxel/base-image:latest",
    "region": "us-was-1",
    "network": {
        "firewall": {"rulesets": ["proxy"]},
        "allowedDomains": ["httpbin.org"],
        "proxy": {"routing": []},
    },
})
Currently, this feature is not enforced automatically by the platform when a proxy is configured. In a future release, it will be automatically enforced whenever a proxy is configured.

Firewall + proxy combined

Firewall rules and proxy routing compose naturally:
await SandboxInstance.create({
  name: "locked-down",
  network: {
    allowedDomains: ["api.stripe.com", "api.openai.com"],
    proxy: {
      routing: [
        {
          destinations: ["api.stripe.com"],
          headers: { "Authorization": "Bearer {{SECRET:stripe-key}}" },
          secrets: { "stripe-key": "sk_live_..." },
        },
      ],
    },
  },
});
await SandboxInstance.create({
    "name": "locked-down",
    "network": {
        "allowedDomains": ["api.stripe.com", "api.openai.com"],
        "proxy": {
            "routing": [
                {
                    "destinations": ["api.stripe.com"],
                    "headers": {"Authorization": "Bearer {{SECRET:stripe-key}}"},
                    "secrets": {"stripe-key": "sk_live_..."},
                },
            ],
        },
    },
})
Only api.stripe.com and api.openai.com are reachable. The proxy injects credentials for Stripe requests; OpenAI requests go through unmodified.
Last modified on June 25, 2026