A cross-platform tool for monitoring and restricting HTTP/HTTPS requests from processes using network isolation and transparent proxy interception.
# Allow only requests to github.com (JS) httpjail --js "r.host === 'github.com'" -- your-app # Load JS from a file (auto-reloads on file changes) echo "/^api\\.example\\.com$/.test(r.host) && r.method === 'GET'" > rules.js httpjail --js-file rules.js -- curl https://api.example.com/health # File changes are detected and reloaded automatically on each request # Log requests to a file httpjail --request-log requests.log --js "true" -- npm install # Log format: "<timestamp> <+/-> <METHOD> <URL>" (+ = allowed, - = blocked) # Use shell script for request evaluation (process per request) httpjail --sh "/path/to/script.sh" -- ./my-app # Script receives env vars: HTTPJAIL_URL, HTTPJAIL_METHOD, HTTPJAIL_HOST, etc. # Exit code 0 allows, non-zero blocks # Use line processor for request evaluation (efficient persistent process) httpjail --proc /path/to/filter.py -- ./my-app # Program receives JSON on stdin (one per line) and outputs allow/deny decisions # stdin -> {"method": "GET", "url": "https://api.github.com", "host": "api.github.com", ...} # stdout -> true # Run as standalone proxy server (no command execution) and allow all httpjail --server --js "true" # Server defaults to ports 8080 (HTTP) and 8443 (HTTPS) # Configure your application: # HTTP_PROXY=http://localhost:8080 HTTPS_PROXY=http://localhost:8443 # Run Docker containers with network isolation (Linux only) httpjail --js "r.host === 'api.github.com'" --docker-run -- --rm alpine:latest wget -qO- https://api.github.com
This project is released into the public domain under the CC0 1.0 Universal license. See LICENSE for details.