httpjail
| Crates.io | httpjail |
| lib.rs | httpjail |
| version | 0.6.1 |
| created_at | 2025-09-10 15:41:33.977454+00 |
| updated_at | 2025-12-27 16:55:33.175084+00 |
| description | Monitor and restrict HTTP/HTTPS requests from processes |
| homepage | |
| repository | https://github.com/coder/httpjail |
| max_upload_size | |
| id | 1832690 |
| size | 635,500 |
Ammar Bandukwala (ammario)
documentation
README
httpjail
A cross-platform tool for monitoring and restricting HTTP/HTTPS requests from processes using network isolation and transparent proxy interception.
Install:
cargo install httpjail
Or download a pre-built binary from the releases page.
Features
[!WARNING] httpjail is experimental and offers no API or CLI compatibility guarantees.
- 🔒 Process-level network isolation - Isolate processes in restricted network environments
- 🌐 HTTP/HTTPS interception - Transparent proxy with TLS certificate injection
- 🛡️ DNS exfiltration protection - Prevents data leakage through DNS queries
- 🔧 Multiple evaluation approaches - JS expressions or custom programs
- 🖥️ Cross-platform - Native support for Linux and macOS
Quick Start
By default, httpjail denies all network requests. Provide a JS rule or script to allow traffic.
# Allow only requests to github.com (JS)
httpjail --js "r.host === 'github.com'" -- your-app
# Load JS from a file (auto-reloads on file changes)
echo "/^api\\.example\\.com$/.test(r.host) && r.method === 'GET'" > rules.js
httpjail --js-file rules.js -- curl https://api.example.com/health
# File changes are detected and reloaded automatically on each request
# Log requests to a file
httpjail --request-log requests.log --js "true" -- npm install
# Log format: "<timestamp> <+/-> <METHOD> <URL>" (+ = allowed, - = blocked)
# Use shell script for request evaluation (process per request)
httpjail --sh "/path/to/script.sh" -- ./my-app
# Script receives env vars: HTTPJAIL_URL, HTTPJAIL_METHOD, HTTPJAIL_HOST, etc.
# Exit code 0 allows, non-zero blocks
# Use line processor for request evaluation (efficient persistent process)
httpjail --proc /path/to/filter.py -- ./my-app
# Program receives JSON on stdin (one per line) and outputs allow/deny decisions
# stdin -> {"method": "GET", "url": "https://api.github.com", "host": "api.github.com", ...}
# stdout -> true
# Run as standalone proxy server (no command execution) and allow all
httpjail --server --js "true"
# Server defaults to ports 8080 (HTTP) and 8443 (HTTPS)
# Configure your application:
# HTTP_PROXY=http://localhost:8080 HTTPS_PROXY=http://localhost:8443
# Run Docker containers with network isolation (Linux only)
httpjail --js "r.host === 'api.github.com'" --docker-run -- --rm alpine:latest wget -qO- https://api.github.com
Documentation
Docs are stored in the docs/ directory and served
at coder.github.io/httpjail.
Table of Contents:
- Installation
- Quick Start
- Configuration
- Rule Engines
- Platform Support
- Request Logging
- TLS Interception
- DNS Exfiltration
- Server Mode
License
This project is released into the public domain under the CC0 1.0 Universal license. See LICENSE for details.