This feature is currently in public preview and is not recommended for production use.
- Proxy routing with secrets injection - the Blaxel proxy performs man-in-the-middle (MITM) interception on outbound HTTPS traffic and injects headers, body fields, and secrets server-side.
- Domain filtering - the Blaxel proxy controls which external domains the sandbox can reach.
How it works
When a sandbox is created with a proxy config, Blaxel:- Sets
HTTP_PROXY,HTTPS_PROXY, andNO_PROXYenvironment variables inside the sandbox - Installs a CA certificate and sets
NODE_EXTRA_CA_CERTSandSSL_CERT_FILEso TLS clients trust the proxy - Performs MITM on outbound HTTPS via CONNECT tunneling
- Matches each request against routing rules by destination domain
- Injects configured headers and body fields, resolving
{{SECRET:name}}placeholders server-side - Adds an
X-Blaxel-Request-Idheader to every proxied request for tracing
HTTP_PROXY, HTTPS_PROXY, and SSL_CERT_FILE environment variables — curl, pip, npm, git, Python requests, and Python httpx all work out of the box. Lower-level libraries that don’t follow these conventions (for example, calling urllib3 directly) need to be pointed at the proxy explicitly.
Localhost (
127.0.0.1), private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), 169.254.169.254, .local, and .internal are always bypassed automatically.Configuration reference
All network settings are passed via thenetwork key in the sandbox creation options:
SandboxNetwork
ProxyConfig
ProxyTarget
Region availability
Proxy availability is region-dependent. TheRegion type includes a proxyAvailable boolean field. Check region support before relying on proxy features:
Environment variables set inside the sandbox
When proxy is configured, the sandbox automatically has:CLI tool compatibility
When proxy is enabled, common CLI tools and high-level clients work transparently inside the sandbox with no extra configuration:
Python’s stdlib
urllib.request is not recommended with the proxy. Prefer requests or httpx, or configure urllib3.ProxyManager directly if you need lower-level control:
Behavior details
- Wildcard matching:
*.example.commatchessub.example.comanda.b.example.combut notexample.comitself - No cross-route leakage: Headers/secrets from one routing rule are never applied to requests matching a different rule
- User headers preserved: The proxy adds injected headers alongside any headers the sandbox code sends — it does not overwrite user-sent headers
- Body merge: Injected body fields are merged into JSON request bodies up to 1 MB. User-sent fields take precedence on key collisions. Requests over 1 MB, requests without a known
Content-Length(e.g. chunked uploads), and streaming RPCs are forwarded unchanged — use header injection for credentials in those cases - Tracing: Every proxied request gets an
X-Blaxel-Request-Idheader for observability - Local traffic: Requests to
localhost/127.0.0.1are never routed through the proxy
HTTP/2 and gRPC
The proxy supports HTTP/2 and gRPC. Clients that previously required HTTP/1.1 workarounds now work without any flags or downgrades:- gRPC SDKs in Go, Python (
grpcio), and Node (@grpc/grpc-js) curl --http2- Go
net/http(HTTP/2 is the default)
grpc-status, grpc-message) are preserved end-to-end.
A few things to keep in mind:
- Header injection works on every request, including streaming RPCs.
- Body injection is skipped on streaming requests (gRPC streams, chunked uploads). Use header injection to attach credentials on streaming workloads — see the body injection limits in Behavior details.
Update proxy configuration
You can update proxy routing rules, secrets, domain filters, and bypass lists on a running sandbox using the SDK’supdateNetwork method. This fetches the current sandbox, merges the new network config, and applies the update in one call:
network configuration. Include all routing rules, domain filters, and secrets you want active after the update.
