
Egress Proxy

A network intermediary that all outbound traffic from a system must pass through.

An egress proxy is a network intermediary that all outbound traffic from a system must pass through before reaching the public internet. Rather than letting a process or container open connections directly, the environment forces the process to hand each request to the proxy, which decides, according to a defined policy, whether to forward it unchanged, rewrite it to a different destination, or block it, and records what it decided for every request.

How it works

In a typical setup, a workload is placed on a network with no direct route to the internet, often by giving its network interface no default gateway. The only reachable destination is the egress proxy, which sits on a separate network segment with actual internet access. The proxy inspects each outbound request, usually at the HTTP or DNS level, and applies rules such as domain allowlists, IP range blocks, or content-specific handling before deciding whether to let the request through. Two details matter in practice. First, the isolation has to be enforced by the network, not by a proxy setting inside the workload: an environment variable such as HTTP_PROXY is advisory, and a process that ignores it will connect directly if a route exists, so verify from inside the workload that `ip route` shows no default entry and that a direct connection to an external address fails. Second, hostname rules alone are not enough, because a name the workload is allowed to contact can resolve to a private or link-local address; the proxy has to resolve the name itself and judge the resulting addresses, and then connect to the address it checked. For TLS traffic a plain HTTP proxy sees only the CONNECT target or SNI, not the request body, unless it terminates TLS.

Why it matters for AI agents

An AI agent capable of making arbitrary tool calls or fetching arbitrary URLs is, from a network perspective, indistinguishable from an untrusted process probing for open connections until proven otherwise. Giving an agent unrestricted outbound access means it could reach internal services on the same network, cloud metadata endpoints that expose credentials (typically the link-local address 169.254.169.254), or arbitrary external hosts for data exfiltration, all without a human approving each request. Routing agent traffic through an egress proxy turns that open-ended network access into something that can be inspected, filtered, and logged centrally, without requiring every agent container to implement its own network policy correctly.

Agenhood's implementation

In Agenhood, agent containers attach to an internal Docker network that has no gateway, so the only way out is through a dedicated egress proxy service. That proxy forwards search-related requests to a self-hosted SearXNG instance and filters all other outbound traffic, blocking requests to private IP ranges and cloud metadata endpoints. This means an agent's ability to reach the internet is defined by the proxy's policy, not by whatever the agent's container image happens to allow.
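The decision logic described in the two sections above, as an added worked example that is not Agenhood's code: a small policy engine of the kind an egress proxy runs on each request. It resolves the hostname before judging it so that an allowlisted name pointed at a private address (a DNS rebinding attempt) is still caught, blocks private and link-local ranges including the metadata endpoint, and rewrites search requests to a self-hosted SearXNG instance. The hostnames `search.internal` and `searxng`, the allowlist, and the `FAKE_DNS` table standing in for a real resolver are all constructed for the demo so it runs offline.

```python
import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit

# Address ranges a sandboxed workload must never reach, whatever hostname it used.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private ranges
    "127.0.0.0/8", "::1/128",                         # loopback
    "169.254.0.0/16", "fe80::/10",                    # link-local; 169.254.169.254 is the cloud metadata endpoint
    "fd00::/8",                                       # IPv6 unique local addresses
    "0.0.0.0/8",                                      # "this network"
)]

# Assumed names for the demo: the hostname the agent uses for search and the
# internal SearXNG service it is rewritten to. Neither is taken from Agenhood.
SEARCH_HOST = "search.internal"
SEARCH_UPSTREAM = "http://searxng:8080/search"

# Constructed allowlist of external domains the proxy may forward to.
ALLOWED_DOMAINS = {"api.example.com", "pypi.org", "rebind.example.com"}

# Constructed DNS table standing in for a resolver so the example runs offline.
# "rebind.example.com" models a rebinding attempt: one public and one private answer.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "pypi.org": ["151.101.0.223"],
    "rebind.example.com": ["93.184.216.34", "10.0.0.5"],
    "cdn.example.net": ["203.0.113.10"],   # public, but not on the allowlist
}


@dataclass
class Decision:
    action: str   # "forward", "rewrite" or "block"
    target: str   # URL the proxy actually connects to (empty when blocked)
    reason: str   # human-readable reason, written to the audit log


def resolve(host):
    """Return the addresses for host. IP literals need no lookup."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return FAKE_DNS.get(host, [])


def blocked_address(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BLOCKED_NETS)


def decide(url, resolver=resolve):
    """Apply the egress policy to one outbound request URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https"):
        return Decision("block", "", f"scheme {parts.scheme!r} not permitted")
    if not host:
        return Decision("block", "", "request has no host")
    # 1. Search traffic never leaves the deployment: rewrite it to SearXNG.
    if host == SEARCH_HOST:
        query = f"?{parts.query}" if parts.query else ""
        return Decision("rewrite", SEARCH_UPSTREAM + query, "search routed to SearXNG")
    # 2. Resolve first and judge the addresses, not the name: an allowlisted
    #    domain can still be pointed at a private or metadata address.
    addrs = resolver(host)
    if not addrs:
        return Decision("block", "", f"{host} did not resolve")
    for addr in addrs:
        if blocked_address(addr):
            return Decision("block", "", f"{host} resolves to blocked address {addr}")
    # 3. Only allowlisted public domains are forwarded.
    if host not in ALLOWED_DOMAINS:
        return Decision("block", "", f"{host} is not on the allowlist")
    return Decision("forward", url, "allowlisted public destination")


def audit_line(url, decision):
    """One log line per request: the central record a proxy gives you for free."""
    return f"egress action={decision.action} url={url} reason={decision.reason!r}"


if __name__ == "__main__":
    for u in (
        "https://api.example.com/v1/items",
        "http://169.254.169.254/latest/meta-data/",
        "https://rebind.example.com/",
        "http://search.internal/search?q=egress+proxy",
        "http://10.0.0.3:5432/",
        "https://cdn.example.net/lib.js",
    ):
        print(audit_line(u, decide(u)))
```

The ordering is deliberate: address checks run before the allowlist so that a private or metadata destination is logged as such even when the name would have passed, and a real proxy should then open the connection to the address it validated rather than resolving the name a second time.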

Related concepts

An egress proxy is one mechanism for egress filtering, the broader practice of controlling outbound traffic; in classic proxy terminology it is a forward proxy. It is the outbound counterpart to a reverse proxy, which sits in front of internal services and controls inbound traffic to them.
