Allowlist

Explicit list of permitted domains. Everything else blocked. Simpler than allowlist-with-exceptions.

Advertisement

DNS filtering

Resolve DNS at proxy. Reject internal IPs (169.254.169.254 metadata service, RFC 1918 private ranges). Prevents SSRF to cloud metadata.

Advertisement

Rate limits per domain

Limit agent hitting single external host. Prevents DoS of victim + reduces exfiltration bandwidth.

HTTP method restrictions

Read-only tools: only GET/HEAD. Writes require explicit tool + approval flow.