This feature is currently in public preview and is not recommended for production use.
Domain filtering lets you control which external domains a sandbox can reach. You can define an allowlist (only listed domains are reachable) or a denylist (all domains except listed ones are reachable). Domain filtering and proxy routing are independent configurations — you do not need to duplicate domains across both. A domain can appear in the allowlist without having a proxy routing rule, and vice versa.
Domain filtering relies on the sandbox’s tools and libraries respecting the standard proxy environment variables (HTTP_PROXY, HTTPS_PROXY). Traffic from tools that ignore proxy environment variables will not be filtered unless domain filter enforcement is enabled.
Allowlist
Only the listed domains are reachable:
await SandboxInstance.create({
name: "restricted-sandbox",
image: "blaxel/base-image:latest",
region: "us-was-1",
network: {
allowedDomains: ["api.stripe.com", "api.openai.com", "*.s3.amazonaws.com"],
proxy: { routing: [] },
},
});
await SandboxInstance.create({
"name": "restricted-sandbox",
"image": "blaxel/base-image:latest",
"region": "us-was-1",
"network": {
"allowedDomains": ["api.stripe.com", "api.openai.com", "*.s3.amazonaws.com"],
"proxy": {"routing": []},
},
})
Denylist
All domains except the listed ones are reachable:
await SandboxInstance.create({
name: "denylist-sandbox",
image: "blaxel/base-image:latest",
region: "us-was-1",
network: {
forbiddenDomains: ["*.malware.com", "evil.example.org"],
proxy: { routing: [] },
},
});
await SandboxInstance.create({
"name": "denylist-sandbox",
"image": "blaxel/base-image:latest",
"region": "us-was-1",
"network": {
"forbiddenDomains": ["*.malware.com", "evil.example.org"],
"proxy": {"routing": []},
},
})
When both allowedDomains and forbiddenDomains are set, allowedDomains takes precedence: a domain that appears in both lists will be allowed.
Domain filter enforcement
By default, domain filtering depends on the sandbox’s tools respecting HTTP_PROXY and HTTPS_PROXY. To enforce filtering even for tools that bypass those variables, add a firewall config with rulesets: ["proxy"]. This forces all outbound traffic to flow through the proxy at the network level.
await SandboxInstance.createIfNotExists({
name: "enforced-sandbox",
image: "blaxel/base-image:latest",
region: "us-was-1",
network: {
firewall: { rulesets: ["proxy"] },
allowedDomains: ["httpbin.org"],
proxy: { routing: [] },
},
});
await SandboxInstance.create_if_not_exists({
"name": "enforced-sandbox",
"image": "blaxel/base-image:latest",
"region": "us-was-1",
"network": {
"firewall": {"rulesets": ["proxy"]},
"allowedDomains": ["httpbin.org"],
"proxy": {"routing": []},
},
})
Currently, this feature is not enforced automatically by the platform when a proxy is configured. In a future release, it will be automatically enforced whenever a proxy is configured.
Firewall + proxy combined
Firewall rules and proxy routing compose naturally:
await SandboxInstance.create({
name: "locked-down",
network: {
allowedDomains: ["api.stripe.com", "api.openai.com"],
proxy: {
routing: [
{
destinations: ["api.stripe.com"],
headers: { "Authorization": "Bearer {{SECRET:stripe-key}}" },
secrets: { "stripe-key": "sk_live_..." },
},
],
},
},
});
await SandboxInstance.create({
"name": "locked-down",
"network": {
"allowedDomains": ["api.stripe.com", "api.openai.com"],
"proxy": {
"routing": [
{
"destinations": ["api.stripe.com"],
"headers": {"Authorization": "Bearer {{SECRET:stripe-key}}"},
"secrets": {"stripe-key": "sk_live_..."},
},
],
},
},
})
Only api.stripe.com and api.openai.com are reachable. The proxy injects credentials for Stripe requests; OpenAI requests go through unmodified.