Allowlist
Explicit list of permitted domains. Everything else blocked. Simpler than allowlist-with-exceptions.
Advertisement
DNS filtering
Resolve DNS at proxy. Reject internal IPs (169.254.169.254 metadata service, RFC 1918 private ranges). Prevents SSRF to cloud metadata.
Advertisement
Rate limits per domain
Limit agent hitting single external host. Prevents DoS of victim + reduces exfiltration bandwidth.
HTTP method restrictions
Read-only tools: only GET/HEAD. Writes require explicit tool + approval flow.