Fine-Grained HTTP Filtering for Claude Code

Posted3 months agoActive3 months ago

ammario

88 points

11 comments

ammar.ioTechstory

calmpositive

Debate

20/100

SandboxingHTTP FilteringSecurity

Key topics

Sandboxing

HTTP Filtering

Security

The post introduces httpjail, a Rust sandbox proxy tool for fine-grained HTTP filtering, and the discussion highlights its versatility and potential applications.

Snapshot generated from the HN discussion

Discussion Activity

Moderate engagement

First comment

-249818s

Peak period

0-2h

Avg / period

2.8

Comment distribution11 data points

Loading chart...

Based on 11 loaded comments

Key moments

01Story posted
Sep 22, 2025 at 3:49 PM EDT
3 months ago
Step 01
02First comment
Sep 19, 2025 at 6:25 PM EDT
-249818s after posting
Step 02
03Peak activity
6 comments in 0-2h
Hottest window of the conversation
Step 03
04Latest activity
Sep 23, 2025 at 11:56 AM EDT
3 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (11 comments)

Showing 11 comments

moderation

3 months ago

1 reply

Previously [0]

0. https://news.ycombinator.com/item?id=45307459

dang

3 months ago

1 reply

We'll merge that comment hither. Thanks!

maxbond

3 months ago

The timestamps remained accurate! That's awesome.

mandrade2

3 months ago

2 replies

> Allow only GET requests i.e. make the internet read-only

If only developers never made use of GET to modify resources...

https://www.reddit.com/r/webdev/comments/6999x7/comment/dh4v...

andy99

3 months ago

3 replies

Am I misunderstanding this one? GET still sends information to another server, what is the "read only" aspect?

ammarioAuthor

3 months ago

1 reply

I meant read-only there in the sense of mutability, not exfiltration.

Of course, some websites may permit mutations through GET so it’s probably only sensible to use alongside known hosts.

cmpaul

3 months ago

``` GET https://mysite.com/?query=all+the+secrets ```

kookybakker

3 months ago

In theory a get request sent to a server should not have any side effects and only retrieve some data. In practice implemention is completely up to the developer and their rule is about as useful as putting up an exit sign to prevent people from entering your building.

nnikiforakis

3 months ago

As others mentioned, GET requests are supposed to be idempotent, i.e., you can send the same request 100 times and get the same response (with no server side-effects) 100 times.

GET requests are also easier to be abused in Cross Site Request Forgery (CSRF) attacks. Modern countermeasures in browsers (like SameSite cookies) will protect cross-origin POST and other state-changing methods, but will largely allow GET requests to go through while carrying session cookies.

userbinator

3 months ago

Ironically, your URL demonstrates this nicely, having a bunch of extra superfluous parameters that only serve to update some tracking database. Here is the "cleaned" URL: https://www.reddit.com/r/webdev/comments/6999x7/comment/dh4v...

I thought it'd be this old but memorable article: https://thedailywtf.com/articles/The_Spider_of_Doom

simonw

4 months ago

This describes httpjail, a new Rust sandbox proxy tool: https://github.com/coder/httpjail

It works for any process, not just Claude Code. I got it working with Codex CLI like this:

  httpjail --js "r.host === 'chatgpt.com'" -- codex

After installing it using Cargo (and Homebrew):

  brew upgrade rust
  cargo install httpjail

I wrote more notes about it here: https://simonwillison.net/2025/Sep/19/httpjail/

View full discussion on Hacker News

ID: 45338561Type: storyLast synced: 11/20/2025, 2:12:10 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN