Skip to main content

Documentation Index

Fetch the complete documentation index at: https://e2b.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Every sandbox has access to the internet and can be reached by a public URL.

Controlling internet access

You can control whether a sandbox has access to the internet by using the allowInternetAccess parameter when creating a sandbox. By default, internet access is enabled (true), but you can disable it for security-sensitive workloads. 
import { Sandbox } from 'e2b'

// Create sandbox with internet access enabled (default)
const sandbox = await Sandbox.create({ allowInternetAccess: true })

// Create sandbox without internet access
const isolatedSandbox = await Sandbox.create({ allowInternetAccess: false })
When internet access is disabled, the sandbox cannot make outbound network connections, which provides an additional layer of security for sensitive code execution.
Setting allowInternetAccess to false is equivalent to setting network.denyOut to ['0.0.0.0/0'] (denying all traffic).

Fine-grained network control

For more granular control over network access, you can use the network configuration option to specify allow and deny lists for outbound traffic.

Allow and deny lists

You can specify IP addresses, CIDR blocks, or domain names that the sandbox is allowed to use: 
import { Sandbox, ALL_TRAFFIC } from 'e2b'

// Deny all traffic except specific IPs
const sandbox = await Sandbox.create({
  network: {
    denyOut: [ALL_TRAFFIC],
    allowOut: ['1.1.1.1', '8.8.8.0/24']
  }
})

// Deny specific IPs only
const restrictedSandbox = await Sandbox.create({
  network: {
    denyOut: ['8.8.8.8']
  }
})

Domain-based filtering

You can allow traffic to specific domains by specifying hostnames in allow out. When using domain-based filtering, you must include ALL_TRAFFIC in deny out to block all other traffic. Domains are not supported in the deny out list. 
import { Sandbox, ALL_TRAFFIC } from 'e2b'

// Allow only traffic to google.com
const sandbox = await Sandbox.create({
  network: {
    allowOut: ['google.com'],
    denyOut: [ALL_TRAFFIC]
  }
})
When any domain is used, the default nameserver 8.8.8.8 is automatically allowed to ensure proper DNS resolution.
You can also use wildcards to allow all subdomains of a domain: 
import { Sandbox, ALL_TRAFFIC } from 'e2b'

// Allow traffic to any subdomain of mydomain.com
const sandbox = await Sandbox.create({
  network: {
    allowOut: ['*.mydomain.com'],
    denyOut: [ALL_TRAFFIC]
  }
})
You can combine domain names with IP addresses and CIDR blocks: 
import { Sandbox, ALL_TRAFFIC } from 'e2b'

// Allow traffic to specific domains and IPs
const sandbox = await Sandbox.create({
  network: {
    allowOut: ['api.example.com', '*.github.com', '8.8.8.8'],
    denyOut: [ALL_TRAFFIC]
  }
})
Domain-based filtering only works for HTTP traffic on port 80 (via Host header inspection) and TLS traffic on port 443 (via SNI inspection). Traffic on other ports uses CIDR-based filtering only. UDP-based protocols like QUIC/HTTP3 are not supported for domain filtering.

Behavior of blocked TCP connections

Due to firewall design, blocked connections may appear successful from inside the sandbox. The firewall has to accept the connection first before it can decide whether the destination is allowed. This means that, from inside the sandbox, a TCP connection can succeed and report the socket as open even when the destination is denied - no packets actually reach the destination. To verify that traffic is reaching its destination, check for an application-level response (e.g. an HTTP status code, a TLS handshake, or expected protocol bytes) rather than relying on the TCP connection succeeding. This is a limitation of how outbound traffic is currently routed from the sandbox to our firewall and may change in the future.

Priority rules

When both allow out and deny out are specified, allow rules always take precedence over deny rules. This means if an IP address is in both lists, it will be allowed. 
import { Sandbox, ALL_TRAFFIC } from 'e2b'

// Even though ALL_TRAFFIC is denied, 1.1.1.1 and 8.8.8.8 are explicitly allowed
const sandbox = await Sandbox.create({
  network: {
    denyOut: [ALL_TRAFFIC],
    allowOut: ['1.1.1.1', '8.8.8.8']
  }
})

ALL_TRAFFIC helper

The ALL_TRAFFIC constant represents the CIDR range 0.0.0.0/0, which matches all IP addresses. Use it to easily deny or allow all network traffic: 
import { Sandbox, ALL_TRAFFIC } from 'e2b'

// Deny all outbound traffic
const sandbox = await Sandbox.create({
  network: {
    denyOut: [ALL_TRAFFIC]
  }
})

Per-host request transforms

Per-host request transforms are currently in private beta. If you’d like access, please reach out to us at support@e2b.dev.
You can register per-host rules under network.rules to apply transforms (for example, inject HTTP headers) on outbound requests matching a host. Rules are keyed by host and registering one does not grant egress on its own — the host must still be referenced via allowOut. The transform.headers object is sent on the wire as-is and injected by the egress proxy on matching HTTP/HTTPS requests. 
import { Sandbox } from 'e2b'

await Sandbox.create({
  network: {
    // Only allow egress to hosts that have rules registered.
    allowOut: ({ rules }) => [...rules.keys()],
    rules: {
      'api.example.com': [
        {
          transform: {
            headers: { 'X-Header': 'Content' },
          },
        },
      ],
    },
  },
})
In JavaScript, network.rules accepts either a plain object or a Map:
JavaScript & TypeScript
const rules = new Map([
  ['api.example.com', [{ transform: { headers: { 'X-Trace': 'on' } } }]],
])

await Sandbox.create({
  network: { allowOut: ({ rules }) => [...rules.keys()], rules },
})

Selector callbacks for allowOut and denyOut

allowOut and denyOut accept either a static list (as shown above) or a selector callback that receives a context object — { allTraffic, rules } in JavaScript and ctx.all_traffic / ctx.rules in Python. This lets you derive policies from the registered rule hosts without duplicating them, and provides a typed alternative to importing ALL_TRAFFIC.
  • allTraffic (JS) / ctx.all_traffic (Python) is the literal '0.0.0.0/0'.
  • rules is a Map (Python Mapping) view of network.rules.
import { Sandbox } from 'e2b'

// Block all egress except an explicit allowlist
await Sandbox.create({
  network: {
    denyOut: ({ allTraffic }) => [allTraffic],   // allTraffic === '0.0.0.0/0'
    allowOut: ['1.1.1.1', '8.8.8.0/24'],
  },
})
The selector form (({ allTraffic }) => [allTraffic] / lambda ctx: [ctx.all_traffic]) is the recommended way to express “everything”. The ALL_TRAFFIC constant is still exported for backward compatibility.

Updating network settings on a running sandbox

You can update the network configuration of an already running sandbox using updateNetwork (JavaScript) or update_network (Python). This replaces the current egress rules with the provided configuration without restarting the sandbox. 
import { Sandbox, ALL_TRAFFIC } from 'e2b'

const sandbox = await Sandbox.create()

// Tighten egress on the running sandbox: block 8.8.8.8
await sandbox.updateNetwork({
  denyOut: ['8.8.8.8'],
})

// Replace with an allow-list only
await sandbox.updateNetwork({
  denyOut: [ALL_TRAFFIC],
  allowOut: ['api.example.com'],
})

// Toggle internet access without recreating the sandbox
await sandbox.updateNetwork({ allowInternetAccess: false })
updateNetwork / update_network replaces the current egress configuration — it does not merge with the existing rules. Calling it with an empty object (updateNetwork({}) / update_network({})) clears all allowOut / denyOut / per-host rules set at create time.
The create-only options allowPublicTraffic and maskRequestHost cannot be changed after the sandbox is created.

Sandbox public URL

Every sandbox has a public URL that can be used to access running services inside the sandbox. 
import { Sandbox } from 'e2b'

const sandbox = await Sandbox.create()

// You need to always pass a port number to get the host
const host = sandbox.getHost(3000)
console.log(`https://${host}`)
The code above will print something like this: 
https://3000-i62mff4ahtrdfdkyn2esc.e2b.app
The first leftmost part of the host is the port number we passed to the method.

Restricting public access to sandbox URLs

By default, sandbox URLs are publicly accessible. You can restrict access to require authentication using the allowPublicTraffic option: 
import { Sandbox } from 'e2b'

// Create sandbox with restricted public access
const sandbox = await Sandbox.create({
  network: {
    allowPublicTraffic: false
  }
})

// The sandbox has a traffic access token
console.log(sandbox.trafficAccessToken)

// Start a server inside the sandbox
await sandbox.commands.run('python -m http.server 8080', { background: true })

const host = sandbox.getHost(8080)
const url = `https://${host}`

// Request without token will fail with 403
const response1 = await fetch(url)
console.log(response1.status) // 403

// Request with token will succeed
const response2 = await fetch(url, {
  headers: {
    'e2b-traffic-access-token': sandbox.trafficAccessToken
  }
})
console.log(response2.status) // 200
When allowPublicTraffic is set to false, all requests to the sandbox’s public URLs must include the e2b-traffic-access-token header with the value from sandbox.trafficAccessToken.

Connecting to a server running inside the sandbox

You can start a server inside the sandbox and connect to it using the approach above. In this example we will start a simple HTTP server that listens on port 3000 and responds with the content of the directory where the server is started. 
import { Sandbox } from 'e2b'

const sandbox = await Sandbox.create()

// Start a simple HTTP server inside the sandbox.
const process = await sandbox.commands.run('python -m http.server 3000', { background: true })
const host = sandbox.getHost(3000)
const url = `https://${host}`
console.log('Server started at:', url)

// Fetch data from the server inside the sandbox.
const response = await fetch(url);
const data = await response.text();
console.log('Response from server inside sandbox:', data);

// Kill the server process inside the sandbox.
await process.kill()
This output will look like this: 
Server started at: https://3000-ip3nfrvajtqu5ktoxugc7.e2b.app
Response from server inside sandbox: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Directory listing for /</title>
</head>
<body>
<h1>Directory listing for /</h1>
<hr>
<ul>
<li><a href=".bash_logout">.bash_logout</a></li>
<li><a href=".bashrc">.bashrc</a></li>
<li><a href=".profile">.profile</a></li>
</ul>
<hr>
</body>
</html>

Masking request host headers

You can customize the Host header that gets sent to services running inside the sandbox using the maskRequestHost option. This is useful when your application expects a specific host format. 
import { Sandbox } from 'e2b'

// Create sandbox with custom host masking
const sandbox = await Sandbox.create({
  network: {
    maskRequestHost: 'localhost:${PORT}'
  }
})

// The ${PORT} variable will be replaced with the actual port number
// Requests to the sandbox will have Host header set to for example: localhost:8080
The ${PORT} variable in the mask will be automatically replaced with the actual port number of the requested service.