Network isolation

Most MCP servers require network access to function properly—for example, to access APIs, download data, or communicate with other services. However, malicious or misconfigured servers can also exfiltrate sensitive data or download unwanted content.

When you install an MCP server in ToolHive, you can optionally enable network isolation. This feature restricts the MCP server's network access to only the resources you specify.

note

Network isolation currently supports HTTP and HTTPS connections only. Other protocols are not supported.

Enabling network isolation

Currently, network isolation is available for MCP servers installed from the ToolHive registry.

During the MCP server installation, select the Network isolation tab in the configuration form. Click the toggle to enable it.

When you enable network isolation, any safe default configuration defined in the registry is pre-loaded in the form. You can accept these defaults or customize the settings to specify which hosts and ports the MCP server is allowed to access:

Allowed hosts:
A list of hostnames or IP addresses that the MCP server is allowed to access. This can include APIs, data sources, or other services that the MCP server needs to function properly.

tip
To allow access to all subdomains under a specific domain, add a leading period (.) in front of the hostname. For example, to allow access to all subdomains of github.com, enter .github.com in the allowed hosts list.
Allowed ports:
A list of ports that the MCP server is allowed to use for outgoing connections. This can help prevent the MCP server from accessing unauthorized services or resources. For example, port 443 is the default port for HTTPS connections.

important

If you do not specify any allowed hosts or ports, the MCP server will not be able to access any external resources, including the internet. This can be useful for MCP servers that do not require network access or for testing purposes.