httpjail
A cross-platform tool for monitoring and restricting HTTP/HTTPS requests from processes using network isolation and transparent proxy interception.
Install:
Features
- π Process-level network isolation - Isolate processes in restricted network environments
- π HTTP/HTTPS interception - Transparent proxy with TLS certificate injection
- π― Regex-based filtering - Flexible allow/deny rules with regex patterns
- π Request logging - Monitor and log all HTTP/HTTPS requests
- π₯οΈ Cross-platform - Native support for Linux and macOS
- β‘ Zero configuration - Works out of the box with sensible defaults
MVP TODO
- Update README to be more reflective of AI agent restrictions
- Add a
--servermode that runs the proxy server but doesn't execute the command - Expand test cases to include WebSockets
Quick Start
# Allow only requests to github.com
# Log requests to a file
# Log format: "<timestamp> <+/-> <METHOD> <URL>" (+ = allowed, - = blocked)
# Block specific domains
# Method-specific rules
# Use config file for complex rules
# Run as standalone proxy server (no command execution)
# Server defaults to ports 8080 (HTTP) and 8443 (HTTPS)
# Configure your application:
# HTTP_PROXY=http://localhost:8080 HTTPS_PROXY=http://localhost:8443
Architecture Overview
httpjail creates an isolated network environment for the target process, intercepting all HTTP/HTTPS traffic through a transparent proxy that enforces user-defined rules.
Linux Implementation
βββββββββββββββββββββββββββββββββββββββββββββββββββ
β httpjail Process β
βββββββββββββββββββββββββββββββββββββββββββββββββββ€
β 1. Create network namespace β
β 2. Setup nftables rules β
β 3. Start embedded proxy β
β 4. Export CA trust env vars β
β 5. Execute target process in namespace β
βββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βββββββββββββββββββββββββββββββββββββββββββββββββββ
β Target Process β
β β’ Isolated in network namespace β
β β’ All HTTP/HTTPS β local proxy β
β β’ CA cert trusted via env vars β
βββββββββββββββββββββββββββββββββββββββββββββββββββ
macOS Implementation
βββββββββββββββββββββββββββββββββββββββββββββββββββ
β httpjail Process β
βββββββββββββββββββββββββββββββββββββββββββββββββββ€
β 1. Start HTTP/HTTPS proxy servers β
β 2. Set HTTP_PROXY/HTTPS_PROXY env vars β
β 3. Generate/load CA certificate β
β 4. Execute target with proxy environment β
βββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βββββββββββββββββββββββββββββββββββββββββββββββββββ
β Target Process β
β β’ HTTP_PROXY/HTTPS_PROXY environment vars β
β β’ Applications must respect proxy settings β
β β’ CA cert via environment variables β
βββββββββββββββββββββββββββββββββββββββββββββββββββ
Note: Due to macOS PF (Packet Filter) limitations, httpjail uses environment-based proxy configuration on macOS. PF translation rules (such as rdr and route-to) cannot match on user or group, making transparent traffic interception impossible. As a result, httpjail operates in "weak mode" on macOS, relying on applications to respect the HTTP_PROXY and HTTPS_PROXY environment variables. Most command-line tools and modern applications respect these settings, but some may bypass them. See also https://github.com/coder/httpjail/issues/7.
Platform Support
| Feature | Linux | macOS | Windows |
|---|---|---|---|
| Traffic isolation | β Namespaces + nftables | β οΈ Env vars only | π§ Planned |
| TLS interception | β Transparent MITM + env CA | β Env variables | π§ Cert store |
| Sudo required | β οΈ Yes | β No | π§ |
| Force all traffic | β Yes | β No (apps must cooperate) | π§ |
Prerequisites
Linux
- Linux kernel 3.8+ (network namespace support)
- nftables (nft command)
- libssl-dev (for TLS)
- sudo access (for namespace creation)
macOS
- macOS 10.15+ (Catalina or later)
- No special permissions required (runs in weak mode)
Usage Examples
Basic Usage
# Simple allow/deny rules
# Multiple allow patterns (order matters!)
# Deny telemetry while allowing everything else
# Method-specific rules
Configuration File
Create a rules.txt (one rule per line, # comments and blank lines are ignored):
# rules.txt
allow-get: github\.com
deny: telemetry
allow: .*
Use the config:
Advanced Options
# Verbose logging
# Server mode - run as standalone proxy without executing commands
# Server defaults to ports 8080 (HTTP) and 8443 (HTTPS)
# Server mode with custom ports (format: port or ip:port)
HTTPJAIL_HTTP_BIND=3128 HTTPJAIL_HTTPS_BIND=3129
# Configure applications: HTTP_PROXY=http://localhost:3128 HTTPS_PROXY=http://localhost:3129
# Bind to specific interface
HTTPJAIL_HTTP_BIND=192.168.1.100:8080
Server Mode
httpjail can run as a standalone proxy server without executing any commands. This is useful when you want to proxy multiple applications through the same httpjail instance. The server binds to localhost (127.0.0.1) only for security.
# Start server with default ports (8080 for HTTP, 8443 for HTTPS) on localhost
# Output: Server running on ports 8080 (HTTP) and 8443 (HTTPS). Press Ctrl+C to stop.
# Start server with custom ports using environment variables
HTTPJAIL_HTTP_BIND=3128 HTTPJAIL_HTTPS_BIND=3129
# Output: Server running on ports 3128 (HTTP) and 3129 (HTTPS). Press Ctrl+C to stop.
# Bind to all interfaces (use with caution - exposes proxy to network)
HTTPJAIL_HTTP_BIND=0.0.0.0:8080 HTTPJAIL_HTTPS_BIND=0.0.0.0:8443
# Output: Server running on ports 8080 (HTTP) and 8443 (HTTPS). Press Ctrl+C to stop.
# Configure your applications to use the proxy:
Note: In server mode, httpjail does not create network isolation. Applications must be configured to use the proxy via environment variables or application-specific proxy settings.
TLS Interception
httpjail performs HTTPS interception using a locally-generated Certificate Authority (CA). The tool does not modify your system trust store. Instead, it configures the jailed process to trust the httpjail CA via environment variables.
How it works:
- CA generation (first run): A unique CA keypair is created and persisted.
- Persistent storage (via
dirs::config_dir()):- macOS:
~/Library/Application Support/httpjail/ - Linux:
~/.config/httpjail/ - Windows:
%APPDATA%\httpjail\Files:ca-cert.pem,ca-key.pem(key is chmod 600 on Unix).
- macOS:
- Perβprocess trust via env vars: For the jailed command, httpjail sets common variables so clients trust the CA without touching system stores:
SSL_CERT_FILEandSSL_CERT_DIRCURL_CA_BUNDLEGIT_SSL_CAINFOREQUESTS_CA_BUNDLENODE_EXTRA_CA_CERTSThese apply on both Linux (strong/transparent mode) and macOS (--weakenvβonly mode).
- Transparent MITM:
- Linux strong mode redirects TCP 80/443 to the local proxy. HTTPS is intercepted transparently by extracting SNI from ClientHello and presenting a perβhost certificate signed by the httpjail CA.
- macOS uses explicit proxying via
HTTP_PROXY/HTTPS_PROXYand typically negotiates HTTPS via CONNECT; interception occurs after CONNECT.
- No system trust changes: httpjail never installs the CA into OS trust stores; there is no global modification and thus no trust cleanup step. The CA files remain in the config dir for reuse across runs.
Notes and limits:
- Tools that ignore the above env vars will fail TLS verification when intercepted. For those, add toolβspecific flags to point at
ca-cert.pem. - Longβlived connections are supported: timeouts are applied only to protocol detection, CONNECT header reads, and TLS handshakes β not to proxied streams (e.g., gRPC/WebSocket).
License
This project is released into the public domain under the CC0 1.0 Universal license. See LICENSE for details.