Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions docs/network/internet-access.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
const sandbox = await Sandbox.create({ allowInternetAccess: true })

// Create sandbox without internet access
const isolatedSandbox = await Sandbox.create({ allowInternetAccess: false })

Check warning on line 21 in docs/network/internet-access.mdx

View check run for this annotation

Mintlify / Mintlify Validation (e2b) - vale-spellcheck

docs/network/internet-access.mdx#L21

Did you really mean 'isolatedSandbox'?
```
```python Python
from e2b import Sandbox
Expand All @@ -34,7 +34,7 @@
When internet access is disabled, the sandbox cannot make outbound network connections, which provides an additional layer of security for sensitive code execution.

<Note>
Setting `allowInternetAccess` / `allow_internet_access` to a falsy value is equivalent to setting `network.denyOut` / `network.deny_out` to `['0.0.0.0/0']` (denying all traffic).

Check warning on line 37 in docs/network/internet-access.mdx

View check run for this annotation

Mintlify / Mintlify Validation (e2b) - vale-spellcheck

docs/network/internet-access.mdx#L37

Did you really mean 'falsy'?
</Note>

## Fine-grained network control
Expand All @@ -49,18 +49,18 @@
```js JavaScript & TypeScript
import { Sandbox } from 'e2b'

// Deny all traffic except specific IPs

Check warning on line 52 in docs/network/internet-access.mdx

View check run for this annotation

Mintlify / Mintlify Validation (e2b) - vale-spellcheck

docs/network/internet-access.mdx#L52

Did you really mean 'IPs'?
const sandbox = await Sandbox.create({
network: {
denyOut: ({ allTraffic }) => [allTraffic], // allTraffic === '0.0.0.0/0'

Check warning on line 55 in docs/network/internet-access.mdx

View check run for this annotation

Mintlify / Mintlify Validation (e2b) - vale-spellcheck

docs/network/internet-access.mdx#L55

Did you really mean 'allTraffic'?

Check warning on line 55 in docs/network/internet-access.mdx

View check run for this annotation

Mintlify / Mintlify Validation (e2b) - vale-spellcheck

docs/network/internet-access.mdx#L55

Did you really mean 'allTraffic'?
allowOut: ['1.1.1.1', '8.8.8.0/24']

Check warning on line 56 in docs/network/internet-access.mdx

View check run for this annotation

Mintlify / Mintlify Validation (e2b) - vale-spellcheck

docs/network/internet-access.mdx#L56

Did you really mean 'allowOut'?
}
})

// Deny specific IPs only

Check warning on line 60 in docs/network/internet-access.mdx

View check run for this annotation

Mintlify / Mintlify Validation (e2b) - vale-spellcheck

docs/network/internet-access.mdx#L60

Did you really mean 'IPs'?
const restrictedSandbox = await Sandbox.create({

Check warning on line 61 in docs/network/internet-access.mdx

View check run for this annotation

Mintlify / Mintlify Validation (e2b) - vale-spellcheck

docs/network/internet-access.mdx#L61

Did you really mean 'restrictedSandbox'?
network: {
denyOut: ['8.8.8.8']

Check warning on line 63 in docs/network/internet-access.mdx

View check run for this annotation

Mintlify / Mintlify Validation (e2b) - vale-spellcheck

docs/network/internet-access.mdx#L63

Did you really mean 'denyOut'?
}
})
```
Expand Down Expand Up @@ -90,7 +90,7 @@

### Domain-based filtering

You can allow traffic to specific domains by specifying hostnames in `allowOut` / `allow_out`. When using domain-based filtering, you must deny all other traffic in `denyOut` / `deny_out`. Domains are not supported in the deny lists.

Check warning on line 93 in docs/network/internet-access.mdx

View check run for this annotation

Mintlify / Mintlify Validation (e2b) - vale-spellcheck

docs/network/internet-access.mdx#L93

Did you really mean 'hostnames'?

<CodeGroup>
```js JavaScript & TypeScript
Expand All @@ -99,7 +99,7 @@
// Allow only traffic to google.com
const sandbox = await Sandbox.create({
network: {
allowOut: ['google.com'],

Check warning on line 102 in docs/network/internet-access.mdx

View check run for this annotation

Mintlify / Mintlify Validation (e2b) - vale-spellcheck

docs/network/internet-access.mdx#L102

Did you really mean 'allowOut'?
denyOut: ({ allTraffic }) => [allTraffic]
}
})
Expand All @@ -118,7 +118,7 @@
</CodeGroup>

<Note>
When any domain is used, the default nameserver `8.8.8.8` is automatically allowed to ensure proper DNS resolution.

Check warning on line 121 in docs/network/internet-access.mdx

View check run for this annotation

Mintlify / Mintlify Validation (e2b) - vale-spellcheck

docs/network/internet-access.mdx#L121

Did you really mean 'nameserver'?
</Note>

You can also use wildcards to allow all subdomains of a domain:
Expand All @@ -130,7 +130,7 @@
// Allow traffic to any subdomain of mydomain.com
const sandbox = await Sandbox.create({
network: {
allowOut: ['*.mydomain.com'],

Check warning on line 133 in docs/network/internet-access.mdx

View check run for this annotation

Mintlify / Mintlify Validation (e2b) - vale-spellcheck

docs/network/internet-access.mdx#L133

Did you really mean 'allowOut'?
denyOut: ({ allTraffic }) => [allTraffic]
}
})
Expand All @@ -154,7 +154,7 @@
```js JavaScript & TypeScript
import { Sandbox } from 'e2b'

// Allow traffic to specific domains and IPs

Check warning on line 157 in docs/network/internet-access.mdx

View check run for this annotation

Mintlify / Mintlify Validation (e2b) - vale-spellcheck

docs/network/internet-access.mdx#L157

Did you really mean 'IPs'?
const sandbox = await Sandbox.create({
network: {
allowOut: ['api.example.com', '*.github.com', '8.8.8.8'],
Expand Down Expand Up @@ -221,8 +221,11 @@
### Per-host request transforms

<Note>
Per-host request transforms are currently in private beta.
If you'd like access, please reach out to us at [support@e2b.dev](mailto:support@e2b.dev).
Per-host request transforms are currently in public beta. You can start using them right away, no need to request access.

Please keep in mind that this feature is still in active development, and the features and ways of interacting with it might change during this period.

If you have any questions or feedback, please [reach out to us](https://e2b.dev/dashboard?support=true). Any input is greatly appreciated.
</Note>

You can register per-host rules under `network.rules` to apply transforms (for example, inject HTTP headers) on outbound requests matching a host. Rules are keyed by host and registering one does **not** grant egress on its own — the host must still be referenced via `allowOut` / `allow_out`.
Expand Down