Egress Proxy
A network intermediary that all outbound traffic from a system must pass through.
An egress proxy is a network intermediary that all outbound traffic from a system must pass through before reaching the public internet. Rather than allowing a process or container to open connections directly, the process sends its requests to the proxy, which then decides whether to forward, modify, block, or log each request based on a defined policy.
How it works
In a typical setup, a workload is placed on a network with no direct route to the internet, often by giving its network interface no default gateway. The only reachable destination is the egress proxy, which sits on a separate network segment with actual internet access. The proxy inspects each outbound request, usually at the HTTP or DNS level, and applies rules such as domain allowlists, IP range blocks, or content-specific handling before deciding whether to let the request through.
Why it matters for AI agents
An AI agent capable of making arbitrary tool calls or fetching arbitrary URLs is, from the network's point of view, an untrusted process until proven otherwise: nothing distinguishes its connection attempts from those of a compromised workload probing for reachable hosts. Giving an agent unrestricted outbound access means it could reach internal services on the same network, cloud metadata endpoints that expose credentials, or arbitrary external hosts for data exfiltration, all without a human approving each request. Routing agent traffic through an egress proxy turns that open-ended network access into something that can be inspected, filtered, and logged centrally, without requiring every agent container to implement its own network policy correctly.
Agenhood's implementation
In Agenhood, agent containers attach to an internal Docker network that has no gateway, so the only way out is through a dedicated egress proxy service. That proxy forwards search-related requests to a self-hosted SearXNG instance and filters all other outbound traffic, blocking requests to private IP ranges and cloud metadata endpoints. This means an agent's ability to reach the internet is defined by the proxy's policy, not by whatever the agent's container image happens to allow.
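The per-request decision described under "How it works" and in the Agenhood section above, as an added example; this is not Agenhood's proxy code. It assumes a domain allowlist, an injected resolver (the FAKE_DNS table is constructed, using documentation address space), a fixed list of blocked ranges, and three assumed metadata hostnames; 169.254.169.254 is the well-known cloud metadata address. The check resolves the name before deciding, so an allowlisted hostname that answers with a private address is still refused.

```python
"""Egress policy check an outbound proxy applies to each request (added example).

For each URL it accepts only http/https, requires the host to be on a domain
allowlist (exact or subdomain), refuses literal IP destinations, and resolves
the name so that private, loopback, link-local and metadata addresses are
blocked even when the hostname itself was allowlisted (DNS rebinding).
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Sequence
from urllib.parse import urlsplit

# Ranges the proxy never forwards to, whatever the allowlist says.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "::1/128",                          # loopback
    "169.254.0.0/16", "fe80::/10",                     # link-local (includes 169.254.169.254)
    "100.64.0.0/10",                                   # shared address space (RFC 6598)
    "fc00::/7",                                        # IPv6 unique local
    "0.0.0.0/8",
)]
# Assumed metadata hostnames, rejected by name as well as by address.
METADATA_HOSTS = {"metadata.google.internal", "metadata", "instance-data"}


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class EgressPolicy:
    allowed_domains: Sequence[str]
    resolve: Callable[[str], str]  # injected so the policy runs offline; a real proxy uses the system resolver
    allowed_schemes: frozenset = frozenset({"http", "https"})

    def __post_init__(self):
        self.allowed_domains = tuple(d.lower().rstrip(".") for d in self.allowed_domains)

    def _domain_allowed(self, host: str) -> bool:
        return any(host == d or host.endswith("." + d) for d in self.allowed_domains)

    def evaluate(self, url: str) -> Decision:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
        if parts.scheme not in self.allowed_schemes or not host:
            return Decision(False, f"scheme {parts.scheme!r} or empty host not permitted")
        if host in METADATA_HOSTS:
            return Decision(False, f"metadata hostname {host!r}")
        try:
            ipaddress.ip_address(host)
        except ValueError:
            pass  # not a literal address, continue with name-based checks
        else:
            return Decision(False, f"literal IP destination {host!r} not permitted")
        if not self._domain_allowed(host):
            return Decision(False, f"host {host!r} not in allowlist")
        try:
            addr = ipaddress.ip_address(self.resolve(host))
        except (ValueError, OSError) as exc:
            return Decision(False, f"cannot resolve {host!r}: {exc}")
        # Unwrap ::ffff:a.b.c.d so the IPv4 ranges above apply to it too.
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
            addr = addr.ipv4_mapped
        for net in BLOCKED_NETWORKS:
            if addr in net:
                return Decision(False, f"{host!r} resolves to {addr} in blocked range {net}")
        return Decision(True, f"{host!r} -> {addr}")


# Constructed resolver table standing in for DNS (203.0.113.0/24 is documentation space).
FAKE_DNS = {
    "api.example.com": "203.0.113.10",
    "sub.api.example.com": "203.0.113.11",
    "rebind.example.com": "10.0.0.8",         # allowlisted name answering with an internal address
    "v6.example.com": "::ffff:192.168.1.20",  # IPv4-mapped IPv6 answer
}


def fake_resolve(host: str) -> str:
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise OSError(f"NXDOMAIN {host}")


def run_demo() -> dict:
    """Evaluate a constructed batch of requests and return {url: Decision}."""
    policy = EgressPolicy(allowed_domains=["example.com"], resolve=fake_resolve)
    urls = [
        "https://api.example.com/search?q=egress",
        "https://sub.api.example.com/",
        "https://rebind.example.com/",
        "https://v6.example.com/",
        "http://169.254.169.254/latest/meta-data/",
        "http://metadata.google.internal/computeMetadata/v1/",
        "https://api.example.com.evil.test/",
        "ftp://api.example.com/",
    ]
    return {u: policy.evaluate(u) for u in urls}


if __name__ == "__main__":
    for url, decision in run_demo().items():
        print("ALLOW" if decision.allowed else "BLOCK", url, "-", decision.reason)
```

Only the first two requests pass; the rest are refused for a scheme, allowlist, literal-IP, metadata-name or resolved-address reason. A proxy built on this check must also connect to the address it just validated rather than resolving the name a second time, otherwise a short-TTL record can change between the check and the connection. The separate routing of search requests to SearXNG is not modelled here.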
Related concepts
An egress proxy is one mechanism for egress filtering, the broader practice of controlling outbound traffic. It is the outbound counterpart to a reverse proxy, which controls inbound traffic to internal services.