Network & Firewall

Control network access, egress rules, proxy settings, and deployment security for your enterprise instance.

Overview

The Network & Firewall tab controls who can access your AgenticMail instance (inbound) and what your agents can reach on the internet (outbound). These settings form the perimeter defense of your deployment.

Save behavior: Changes are saved when you click the "Save Settings" button at the top or the sticky bar at the bottom. A "Changes take effect immediately" note appears — no server restart is needed.

Inbound IP Filtering

Restricts which IP addresses can access the dashboard, APIs, and engine endpoints. Supports individual IPs and CIDR ranges.

| Setting | Description |
| --- | --- |
| Enable | Master toggle for IP filtering |
| Mode | Allowlist: Only listed IPs can access. Everything else is blocked. Use for production lockdown. Blocklist: All IPs allowed except listed ones. Use for blocking known attackers. |
| Allowed IPs / CIDRs | IPs permitted in allowlist mode. E.g., 10.0.0.0/8, 203.0.113.42 |
| Blocked IPs / CIDRs | IPs rejected in blocklist mode |
| Bypass Paths | URL paths that skip IP filtering (e.g., /health, /ready for load balancer checks) |

Test IP Tool

Enter any IP address and click "Test" to see whether it would be allowed or blocked under the current rules. Useful for validating your configuration before saving.

Don't lock yourself out! Before enabling allowlist mode, make sure your current IP is included. If you do lock yourself out, you can modify the firewall config directly in the database (securityConfig in the settings table).

Egress Filtering

Controls which external hosts and ports agents can reach when using web fetch, browser automation, and other network tools.

| Setting | Description |
| --- | --- |
| Enable | Master toggle for egress filtering |
| Mode | Allowlist: Agents can only connect to listed hosts. Maximum restriction. Blocklist: Agents can connect anywhere except listed hosts. More permissive. |
| Allowed Hosts | Wildcards supported: *.googleapis.com, api.openai.com |
| Blocked Hosts | Hosts agents cannot reach: evil.example.com |
| Allowed Ports | Only these outbound ports are permitted (e.g., 443, 80) |
| Blocked Ports | These outbound ports are blocked (e.g., 25 for SMTP, 22 for SSH) |

Minimal egress for production: Use allowlist mode and only permit the hosts your agents actually need: LLM provider APIs, email servers, and specific integration endpoints. This prevents data exfiltration even if an agent is compromised.
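
An allowlist-mode egress check for the example policy above, as an added illustration (not AgenticMail's own code). The wildcard semantics are an assumption: "*.domain" is taken to match subdomains only, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample policy, built from the example values in the table above.
ALLOWED_HOSTS = ["*.googleapis.com", "api.openai.com"]
ALLOWED_PORTS = [443, 80]
DEFAULT_PORTS = {"http": 80, "https": 443}


def host_matches(host, pattern):
    """Match a hostname against one pattern (wildcard semantics are assumed)."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".googleapis.com"
        # Anchor on the label boundary: subdomains match, but neither the bare
        # domain nor a lookalike such as "evilgoogleapis.com" does.
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def egress_allowed(url, hosts=ALLOWED_HOSTS, ports=ALLOWED_PORTS):
    """Allowlist-mode decision: the host AND the port must both be listed."""
    parts = urlsplit(url)
    host = parts.hostname  # drops userinfo and port, lowercases
    if not host or parts.scheme not in DEFAULT_PORTS:
        return False
    try:
        port = parts.port
    except ValueError:
        return False  # non-numeric or out-of-range port
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return port in ports and any(host_matches(host, p) for p in hosts)
```

Matching on the parsed hostname rather than the raw URL string is what keeps a URL with "api.openai.com" in its userinfo or as a left-hand label of another domain from passing.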

Proxy Configuration

Configure HTTP/HTTPS proxies for agent outbound traffic. Required in corporate environments with restricted internet access.

| Setting | Description |
| --- | --- |
| HTTP Proxy | Proxy URL for HTTP traffic: http://proxy.corp.internal:8080 |
| HTTPS Proxy | Proxy URL for HTTPS traffic (often the same as HTTP proxy) |
| No-Proxy Hosts | Hosts that bypass the proxy: localhost, 127.0.0.1, *.internal |

When configured, these proxy settings are applied to all outbound HTTP/HTTPS requests made by agents via tools like web_fetch, web_search, and browser automation.

Trusted Proxies

When your instance sits behind a reverse proxy (nginx, Cloudflare, AWS ALB), the real client IP is in the X-Forwarded-For header. You must list your proxy IPs here so the system extracts the correct client IP.

| Setting | Description |
| --- | --- |
| Enable | Toggle trusted proxy validation |
| Trusted Proxy IPs / CIDRs | IP ranges of your proxies: 10.0.0.0/8, 172.16.0.0/12 |

Critical for IP filtering: Without trusted proxies configured, the system sees the proxy's IP instead of the real client IP. This breaks IP allowlisting, rate limiting, and audit logging.
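
How trusted proxies and the inbound allowlist interact, as an added example covering both the Inbound IP Filtering and Trusted Proxies sections (not AgenticMail's own code). It assumes the common right-to-left walk of X-Forwarded-For; the function names and sample addresses are constructed.

```python
import ipaddress

# Constructed sample configuration, using the example values from this page.
TRUSTED_PROXIES = ["10.0.0.0/8", "172.16.0.0/12"]
ALLOWED = ["10.0.0.0/8", "203.0.113.42"]
BYPASS_PATHS = ["/health", "/ready"]


def _nets(entries):
    # strict=False tolerates CIDRs with host bits set; a bare IP becomes a /32.
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries]


def _in_any(ip, nets):
    return any(ip.version == n.version and ip in n for n in nets)


def client_ip(peer, xff, trusted=TRUSTED_PROXIES):
    """Address to filter on, given the TCP peer and X-Forwarded-For value."""
    nets = _nets(trusted)
    current = ipaddress.ip_address(peer)
    if not _in_any(current, nets):
        return str(current)  # untrusted peer: its X-Forwarded-For is ignored
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):  # rightmost entry was added by the nearest proxy
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address that parsed
        if not _in_any(current, nets):
            break  # first hop that is not one of our proxies is the client
    return str(current)


def is_allowed(peer, xff, path, trusted=TRUSTED_PROXIES, allowed=ALLOWED):
    """Allowlist-mode decision; bypass paths skip the filter entirely."""
    if path in BYPASS_PATHS:
        return True
    ip = ipaddress.ip_address(client_ip(peer, xff, trusted))
    return _in_any(ip, _nets(allowed))
```

With `trusted=[]` the same request is judged on the proxy's own address, so an allowlist that contains the proxy's range admits every client behind it.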

CORS Origins

Controls which domains can make cross-origin API requests from a browser. Required when your dashboard is served from a different domain than the API.

| Setting | Description |
| --- | --- |
| Allowed Origins | List of allowed origins: https://dashboard.example.com. Leave empty to allow all (*). |

Production: Never leave CORS origins empty in production. Always specify exact origins to prevent unauthorized cross-origin requests.

Rate Limiting

Per-IP rate limiting using a token bucket algorithm. Protects against brute-force attacks, API abuse, and basic DDoS.

| Setting | Default | Description |
| --- | --- | --- |
| Enable | On | Master toggle |
| Requests per Minute | 120 | Maximum API requests per IP per minute |
| Skip Paths | /health, /ready | Paths excluded from rate limiting (health checks, webhooks) |

When a client exceeds the limit, they receive a 429 Too Many Requests response with a Retry-After header.
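
A per-IP token bucket at the default of 120 requests per minute, as an added sketch (not AgenticMail's own code). The burst capacity, continuous refill and Retry-After rounding are assumptions, and the class and function names are hypothetical.

```python
import math


class TokenBucket:
    """Per-IP token bucket: capacity equals the per-minute limit."""

    def __init__(self, per_minute=120):
        self.capacity = per_minute
        self.rate = per_minute / 60.0  # tokens refilled per second
        self.buckets = {}              # ip -> (tokens, time of last request)

    def check(self, ip, now, path="/", skip_paths=("/health", "/ready")):
        """Return (status, retry_after_seconds) for one request at time `now`."""
        if path in skip_paths:
            return 200, 0  # skip paths never consume a token
        tokens, last = self.buckets.get(ip, (self.capacity, now))
        # Refill for the time elapsed since the last request, up to capacity.
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self.buckets[ip] = (tokens - 1, now)
            return 200, 0
        self.buckets[ip] = (tokens, now)
        # Seconds until one whole token exists, rounded up for Retry-After.
        return 429, math.ceil((1 - tokens) / self.rate)


def simulate_burst(n, ip="203.0.113.42", now=0.0):
    """Send n requests from one IP at the same instant; return the statuses."""
    limiter = TokenBucket()
    return [limiter.check(ip, now)[0] for _ in range(n)]
```

The bucket is keyed on the client IP, so behind a reverse proxy it only separates clients when the Trusted Proxies setting is configured.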

HTTPS Enforcement

Redirects all HTTP requests to HTTPS. Essential for production deployments.

| Setting | Description |
| --- | --- |
| Enforce HTTPS | Redirect HTTP to HTTPS. Checks X-Forwarded-Proto for reverse proxy setups. |
| Exclude Paths | Paths that can be accessed over HTTP (e.g., health checks from internal LB) |

Security Headers

HTTP headers added to every response for browser-level security.

| Header | Default | Purpose |
| --- | --- | --- |
| Strict-Transport-Security (HSTS) | Enabled, 1 year | Forces browsers to always use HTTPS. max-age sets how long browsers remember this. |
| X-Content-Type-Options | nosniff | Prevents browsers from guessing content types. Stops MIME-based attacks. |
| X-Frame-Options | DENY | Prevents your dashboard from being embedded in iframes. Stops clickjacking. |
| Referrer-Policy | strict-origin-when-cross-origin | Controls how much URL info is sent in the Referer header. |
| Permissions-Policy | camera=(), microphone=(), geolocation=() | Disables browser features not needed by the dashboard. |

Recommended: Keep all defaults. Only change X-Frame-Options to SAMEORIGIN if you embed the dashboard in your own portal.

DNS Rebinding Protection

Validates the Host header against an allowlist to prevent DNS rebinding attacks.

What is DNS Rebinding?

An attacker registers a domain that initially resolves to their server, then re-resolves to your internal server IP. The browser thinks it's making a same-origin request to the attacker's domain, but it's actually hitting your internal API.

When enabled, requests with a Host header not in the allowlist are rejected with a 403 Forbidden.

| Setting | Description |
| --- | --- |
| Enable | Toggle DNS rebinding protection |
| Allowed Hosts | Your domain(s): enterprise.example.com, localhost |
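
The Host header check described above, as an added example (not AgenticMail's own code). Port stripping, case folding and rejection of malformed values are assumptions about how the comparison is done, and the function names are hypothetical.

```python
def normalize_host(header):
    """Reduce a Host header to a bare lowercase hostname, or None if malformed."""
    if not header:
        return None
    host = header.strip().lower()
    if host.startswith("["):          # IPv6 literal such as [::1]:8443
        end = host.find("]")
        if end == -1:
            return None
        rest = host[end + 1:]
        host = host[1:end]
    else:
        host, sep, rest = host.partition(":")
        rest = sep + rest
    # Anything after the host must be exactly ":<digits>".
    if rest and not (rest.startswith(":") and rest[1:].isdigit()):
        return None
    return host.rstrip(".") or None


def host_status(header, allowed=("enterprise.example.com", "localhost")):
    """Return 200 if the Host header names an allowed host, else 403."""
    host = normalize_host(header)
    return 200 if host in {a.lower() for a in allowed} else 403
```

A rebound request still carries the attacker's domain in its Host header, which is why an exact match against your own hostnames stops it even though the TCP connection reaches your server.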

Request Body Limits

Maximum size for incoming request bodies. Prevents denial-of-service via oversized payloads.

| Setting | Default | Description |
| --- | --- | --- |
| Max Body Size | 10,240 KB (10 MB) | Requests exceeding this are rejected with 413 Payload Too Large |

Increase this if agents need to upload large files (documents, images). Decrease for tighter security in exposed environments.

Geo-IP Restrictions

Restrict access by country using built-in IP geolocation. Works without Cloudflare or any reverse proxy — the server resolves IPs directly.

| Setting | Description |
| --- | --- |
| Enable | Toggle geo-IP filtering |
| Mode | Allowlist: Only selected countries can access. Blocklist: Selected countries are blocked, all others allowed. |
| Countries | Select countries using the picker (search by name or code) |

VPN users: Geo-IP filtering is based on the IP address the server sees. Users on VPNs will appear to be in the VPN's country, not their actual location. Consider this when using allowlist mode.

Webhook Security

Security controls for inbound webhook endpoints used by Slack, Google Chat, and third-party integrations.

| Setting | Description |
| --- | --- |
| Enable | Toggle webhook security |
| Require HMAC Signature | Webhooks must include a valid HMAC signature. Prevents spoofed requests from attackers. |
| Allowed Source IPs | Only accept webhooks from known provider IP ranges (e.g., Google: 35.0.0.0/8, Slack: 3.0.0.0/8) |
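
Both webhook controls applied to one delivery, as an added example (not AgenticMail's own code). HMAC-SHA256 with a hex-encoded signature is an assumption, since each provider defines its own signing scheme; the function names and sample values are constructed.

```python
import hashlib
import hmac
import ipaddress


def sign(body, secret):
    """Hex HMAC-SHA256 of the raw request body (assumed signature format)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(body, signature_hex, secret, source_ip, allowed_sources):
    """Return (accepted, reason) for one inbound webhook delivery."""
    ip = ipaddress.ip_address(source_ip)
    nets = [ipaddress.ip_network(c, strict=False) for c in allowed_sources]
    if not any(ip.version == n.version and ip in n for n in nets):
        return False, "source ip not allowed"
    if not signature_hex:
        return False, "missing signature"
    expected = sign(body, secret).encode()
    supplied = signature_hex.strip().lower().encode("utf-8", "replace")
    # compare_digest is constant-time, so a mismatch does not reveal how many
    # leading characters of the signature were correct.
    if not hmac.compare_digest(expected, supplied):
        return False, "bad signature"
    return True, "ok"
```

The signature must be computed over the raw bytes received, before any JSON parsing or re-serialization changes them.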

Deployment Scenarios

Development / Local

Production — Behind Cloudflare

Corporate / Air-Gapped
