This feature is currently in public preview and is not recommended for production use. During the preview, the proxy and network features are only available in the us-was-1 region.
Domain filtering relies on the sandbox’s tools and libraries respecting the standard proxy environment variables (HTTP_PROXY, HTTPS_PROXY). Traffic from tools that ignore these variables will not be filtered. Routing-level enforcement is planned for a future release.
Allowlist
Only the listed domains are reachable:
await SandboxInstance.create({
name: "restricted-sandbox",
image: "blaxel/base-image:latest",
region: "us-was-1",
network: {
allowedDomains: ["api.stripe.com", "api.openai.com", "*.s3.amazonaws.com"],
proxy: { routing: [] },
},
});
Denylist
All domains except the listed ones are reachable:
await SandboxInstance.create({
name: "denylist-sandbox",
image: "blaxel/base-image:latest",
region: "us-was-1",
network: {
forbiddenDomains: ["*.malware.com", "evil.example.org"],
proxy: { routing: [] },
},
});
When both allowedDomains and forbiddenDomains are set, forbiddenDomains takes precedence: a domain that appears in both lists will be blocked.
Firewall + proxy combined
Firewall rules and proxy routing compose naturally:
await SandboxInstance.create({
name: "locked-down",
network: {
allowedDomains: ["api.stripe.com", "api.openai.com"],
proxy: {
routing: [
{
destinations: ["api.stripe.com"],
headers: { "Authorization": "Bearer {{SECRET:stripe-key}}" },
secrets: { "stripe-key": "sk_live_..." },
},
],
},
},
});
api.stripe.com and api.openai.com are reachable. The proxy injects credentials for Stripe requests; OpenAI requests go through unmodified.
