VercelHost-Based Network Egress Control
Vercel Sandbox now enforces egress network policies through SNI-peeking firewalls and CIDR-based rules, giving developers precise control over which external services sandboxed code can reach. Unlike traditional IP-based firewall rules that cannot distinguish between thousands of domains sharing a handful of IP addresses, this SNI approach inspects the initial bytes of TLS handshakes to extract target hostnames, making it effective across modern encrypted protocols like HTTPS, Redis, and PostgreSQL.
Configuration and Workflow
Developers define allowlisted domains at sandbox creation time or update policies dynamically on running instances without restarts:
const sandbox = await Sandbox.create({
networkPolicy: {
allow: ['ai-gateway.vercel.sh', '*.vercel.com'],
},
});
This enables flexible multi-phase workflows: open the network for dependency installation, lock it down to specific services during untrusted code execution, selectively open egress for results, and fully air-gap with deny-all when complete.
Security and Availability
Outbound TLS connections are matched against policies at the handshake phase, with unauthorized destinations rejected before any data transmission. By default, sandboxes have unrestricted internet access; developers can now enforce deny-by-default posture to prevent compromised or hallucinated code snippets from exfiltrating data or making unintended API calls.
The feature is available on all Vercel plans. Wildcard support simplifies configuration for CDN-backed services, and legacy non-TLS systems fall back to IP/CIDR rules. Full documentation covers network egress firewall policy configuration and use cases.