{"id":31232660,"url":"https://github.com/coder/httpjail","last_synced_at":"2026-02-26T20:39:37.819Z","repository":{"id":314131582,"uuid":"1041536319","full_name":"coder/httpjail","owner":"coder","description":"HTTP(s) request filter for processes","archived":false,"fork":false,"pushed_at":"2026-02-03T20:57:59.000Z","size":915,"stargazers_count":898,"open_issues_count":11,"forks_count":28,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-02-11T01:37:05.414Z","etag":null,"topics":["ai","firewall","security"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/coder.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2025-08-20T16:23:01.000Z","updated_at":"2026-02-10T05:43:27.000Z","dependencies_parsed_at":"2025-09-14T13:00:47.470Z","dependency_job_id":null,"html_url":"https://github.com/coder/httpjail","commit_stats":null,"previous_names":["coder/httpjail"],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/coder/httpjail","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coder%2Fhttpjail","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coder%2Fhttpjail/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coder%2Fhttpjail/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coder%2Fhttpjail/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/coder","download_url":"https://codeload.github.com/coder/httpjail/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/coder%2Fhttpjail/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29872216,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-26T18:42:30.764Z","status":"ssl_error","status_checked_at":"2026-02-26T18:41:47.936Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","firewall","security"],"created_at":"2025-09-22T12:01:47.219Z","updated_at":"2026-02-26T20:39:37.813Z","avatar_url":"https://github.com/coder.png","language":"Rust","funding_links":[],"categories":["Rust"],"sub_categories":[],"readme":"# httpjail\n\n[![Documentation](https://img.shields.io/badge/docs-coder.github.io%2Fhttpjail-blue?logo=readthedocs\u0026style=flat-square)](https://coder.github.io/httpjail/)\n[![Crates.io](https://img.shields.io/crates/v/httpjail.svg)](https://crates.io/crates/httpjail)\n[![CI](https://github.com/coder/httpjail/actions/workflows/tests.yml/badge.svg)](https://github.com/coder/httpjail/actions/workflows/tests.yml)\n\nA cross-platform tool for monitoring and restricting HTTP/HTTPS requests from processes using network isolation and transparent proxy interception.\n\nInstall:\n\n```bash\ncargo install httpjail\n```\n\nOr download a pre-built binary from the [releases page](https://github.com/coder/httpjail/releases).\n\n## Features\n\n\u003e [!WARNING]\n\u003e httpjail is experimental and offers no API or CLI compatibility guarantees.\n\n- 🔒 **Process-level network isolation** - Isolate processes in restricted network environments\n- 🌐 **HTTP/HTTPS interception** - Transparent proxy with TLS certificate injection\n- 🛡️ **DNS exfiltration protection** - Prevents data leakage through DNS queries\n- 🔧 **Multiple evaluation approaches** - JS expressions or custom programs\n- 🖥️ **Cross-platform** - Native support for Linux and macOS\n\n## Quick Start\n\n\u003e By default, httpjail denies all network requests. Provide a JS rule or script to allow traffic.\n\n```bash\n# Allow only requests to github.com (JS)\nhttpjail --js \"r.host === 'github.com'\" -- your-app\n\n# Load JS from a file (auto-reloads on file changes)\necho \"/^api\\\\.example\\\\.com$/.test(r.host) \u0026\u0026 r.method === 'GET'\" \u003e rules.js\nhttpjail --js-file rules.js -- curl https://api.example.com/health\n# File changes are detected and reloaded automatically on each request\n\n# Log requests to a file\nhttpjail --request-log requests.log --js \"true\" -- npm install\n# Log format: \"\u003ctimestamp\u003e \u003c+/-\u003e \u003cMETHOD\u003e \u003cURL\u003e\" (+ = allowed, - = blocked)\n\n# Use shell script for request evaluation (process per request)\nhttpjail --sh \"/path/to/script.sh\" -- ./my-app\n# Script receives env vars: HTTPJAIL_URL, HTTPJAIL_METHOD, HTTPJAIL_HOST, etc.\n# Exit code 0 allows, non-zero blocks\n\n# Use line processor for request evaluation (efficient persistent process)\nhttpjail --proc /path/to/filter.py -- ./my-app\n# Program receives JSON on stdin (one per line) and outputs allow/deny decisions\n# stdin  -\u003e {\"method\": \"GET\", \"url\": \"https://api.github.com\", \"host\": \"api.github.com\", ...}\n# stdout -\u003e true\n\n# Run as standalone proxy server (no command execution) and allow all\nhttpjail --server --js \"true\"\n# Server defaults to ports 8080 (HTTP) and 8443 (HTTPS)\n# Configure your application:\n# HTTP_PROXY=http://localhost:8080 HTTPS_PROXY=http://localhost:8443\n\n# Run Docker containers with network isolation (Linux only)\nhttpjail --js \"r.host === 'api.github.com'\" --docker-run -- --rm alpine:latest wget -qO- https://api.github.com\n```\n\n## Documentation\n\nDocs are stored in the `docs/` directory and served\nat [coder.github.io/httpjail](https://coder.github.io/httpjail).\n\nTable of Contents:\n\n- [Installation](https://coder.github.io/httpjail/guide/installation.html)\n- [Quick Start](https://coder.github.io/httpjail/guide/quick-start.html)\n- [Configuration](https://coder.github.io/httpjail/guide/configuration.html)\n- [Rule Engines](https://coder.github.io/httpjail/guide/rule-engines/index.html)\n  - [JavaScript](https://coder.github.io/httpjail/guide/rule-engines/javascript.html)\n  - [Shell](https://coder.github.io/httpjail/guide/rule-engines/shell.html)\n  - [Line Processor](https://coder.github.io/httpjail/guide/rule-engines/line-processor.html)\n- [Platform Support](https://coder.github.io/httpjail/guide/platform-support.html)\n- [Request Logging](https://coder.github.io/httpjail/guide/request-logging.html)\n- [TLS Interception](https://coder.github.io/httpjail/advanced/tls-interception.html)\n- [DNS Exfiltration](https://coder.github.io/httpjail/advanced/dns-exfiltration.html)\n- [Server Mode](https://coder.github.io/httpjail/advanced/server-mode.html)\n\n## License\n\nThis project is released into the public domain under the CC0 1.0 Universal license. See [LICENSE](LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoder%2Fhttpjail","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcoder%2Fhttpjail","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcoder%2Fhttpjail/lists"}