Network Access

The Security Challenge

Allowing arbitrary code to run on a cloud server and make outbound network requests is an inherent security risk. Unrestricted platforms are often targeted by botnets to launch DDoS attacks, mine cryptocurrency, or scrape protected data anonymously.

To ensure the compute cluster remains highly available and strictly compliant with security standards, Python Online implements a strict outbound networking policy.

The Secure Proxy

All outbound traffic generated by your Python code (e.g., using the requests library or urllib) is forcibly routed through a highly restrictive Squid Proxy.

This proxy acts as a firewall between your execution container and the internet. It operates on a strict "Default Deny" policy, meaning all outbound connections are blocked unless explicitly allowed. The proxy maintains an internal whitelist of verified, safe domains.

What Happens When Blocked?

If your script attempts to connect to an external API (like api.example.com or a remote PostgreSQL database) that is not on the whitelist, the proxy intercepts and denies the request. In your Output console, you will see a traceback ending in a ProxyError or 403 Forbidden.

To assist with debugging, the Python Online execution engine injects a custom system hint directly into the error log, clearly explaining that the connection was blocked by the platform firewall.