참고
Firewall configuration is managed from the "Internet access" settings tab, which covers both Copilot 클라우드 에이전트 and Copilot 코드 검토. Previous configurations saved as Actions variables will be maintained on that page.
Overview
By default, Copilot's access to the internet is limited by a firewall.
참고
Copilot 코드 검토 also supports firewall configuration, at both the organization and repository level, under its own section of the "Internet access" tab described below. This allows you to configure firewall rules for Copilot 코드 검토 independently of Copilot 클라우드 에이전트. See GitHub Copilot 코드 검토 사용.
Limiting internet access helps manage data exfiltration risks. Unexpected behavior from Copilot, or malicious instructions, could lead to code or other sensitive information being leaked to remote locations.
The firewall always allows access to a number of hosts that Copilot uses to interact with GitHub. By default, a recommended allowlist is also enabled to allow the agent to download dependencies.
If Copilot tries to make a request which is blocked by the firewall, a warning is added to the pull request body (for new pull requests) or to a comment (for existing pull requests). The warning shows the blocked address and the command that tried to make the request.

Limitations
The agent firewall has important limitations that affect its security coverage.
- Only applies to processes started by the agent: The firewall only applies to processes started by the agent via its Bash tool. It does not apply to Model Context Protocol (MCP) servers or processes started in configured Copilot setup steps.
- Only applies within the GitHub Actions appliance: The firewall only operates within the GitHub Actions appliance environment. It does not apply to processes running outside of this environment.
- Bypass potential: Sophisticated attacks may bypass the firewall, potentially allowing unauthorized network access and data exfiltration.
These limitations mean that the firewall provides protection for common scenarios, but should not be considered a comprehensive security solution.
Understanding the recommended firewall allowlist
The recommended allowlist, enabled by default, allows access to:
- Common operating system package repositories (for example, Debian, Ubuntu, Red Hat).
- Common container registries (for example, Docker Hub, Azure Container Registry, AWS Elastic Container Registry).
- Packages registries used by popular programming languages (C#, Dart, Go, Haskell, Java, JavaScript, Perl, PHP, Python, Ruby, Rust, Swift).
- Common certificate authorities (to allow SSL certificates to be validated).
- Hosts used to download web browsers for the Playwright MCP server.
For the complete list of hosts included in the recommended allowlist, see Copilot 허용 목록 참조.
Configuring the firewall at the organization level
Organization owners can configure all firewall settings at the organization level, for both Copilot 클라우드 에이전트 and Copilot 코드 검토. To access the firewall settings:
-
GitHub의 오른쪽 위 모서리에서 프로필 사진을 클릭한 다음, Your organizations를 클릭합니다.
-
조직을 클릭하여 선택합니다.
-
조직 이름에서 설정을 클릭합니다. "설정" 탭이 표시되지 않으면 드롭다운 메뉴를 선택한 다음 설정을 클릭합니다.
In the sidebar, under "Code, planning, and automation", click Copilot, and then click Internet access.
The "Internet access" page has separate sections for Copilot 클라우드 에이전트 and Copilot 코드 검토, so you can configure the following settings independently for each.
Enabling or disabling the firewall
경고
Disabling the firewall will allow Copilot to connect to any host, increasing risks of exfiltration of code or other sensitive information.
- Under "Internet access", set the Enable firewall setting to Enabled, Disabled, or Let repositories decide (default).
Enabling or disabling the recommended allowlist
- Under "Internet access", set the Recommended allowlist setting to Enabled, Disabled, or Let repositories decide (default).
Controlling whether repositories can add custom allowlist rules
By default, repository administrators can add their own entries to the firewall allowlist. Organization owners can disable this to prevent repositories from adding custom rules.
- Under "Internet access", set the Allow repository custom rules setting to Enabled (default) or Disabled.
Managing the organization custom allowlist
Items added to the organization custom allowlist apply to all repositories in the organization. These items cannot be deleted at the repository level. Organization-level and repository-level rules are combined.
-
Under "Internet access", click Organization custom allowlist.
-
허용 목록에 포함할 주소를 추가합니다. 다음을 포함할 수 있습니다.
-
도메인(예:
packages.contoso.corp). 지정된 도메인 및 모든 하위 도메인에 대한 트래픽이 허용됩니다.
-
예: packages.contoso.corp는 packages.contoso.corp와 prod.packages.contoso.corp로의 트래픽을 허용하지만 artifacts.contoso.corp로의 트래픽은 허용하지 않습니다.
-
URL(예:
https://packages.contoso.corp/project-1/). 지정된 체계(https)와 호스트(packages.contoso.corp)에 대해서만 트래픽이 허용되며 지정된 경로와 하위 경로로 제한됩니다.
예: https://packages.contoso.corp/project-1/은 https://packages.contoso.corp/project-1/과 https://packages.contoso.corp/project-1/tags/latest로의 트래픽을 허용하지만 https://packages.contoso.corp/project-2, ftp://packages.contoso.corp, https://artifacts.contoso.corp로의 트래픽은 허용하지 않습니다.
- 규칙 추가를 클릭합니다.
- 목록의 유효성을 검사한 후 Save changes를 클릭합니다.
Configuring the firewall at the repository level
Repository administrators can configure firewall settings at the repository level, including enabling or disabling the firewall, enabling or disabling the recommended allowlist, and managing a custom allowlist. Depending on the organization-level configuration, some of these settings may be locked. The repository settings page also has separate sections for Copilot 클라우드 에이전트 and Copilot 코드 검토, so you can configure these settings independently for each.
To access the firewall settings:
-
GitHub에서 리포지토리의 기본 페이지로 이동합니다.
-
리포지토리 이름 아래에서 Settings를 클릭합니다. "설정" 탭이 표시되지 않으면 드롭다운 메뉴를 선택한 다음 설정을 클릭합니다.

-
In the "Code & automation" section of the sidebar, click Copilot then Internet access.
Enabling or disabling the firewall
참고
You can only change this setting at the repository level if the organization-level Enable firewall setting is set to Let repositories decide. If the organization-level setting is Enabled or Disabled, you can't change this setting for individual repositories.
- Toggle the Enable firewall setting on or off.
Enabling or disabling the recommended allowlist
참고
You can only change this setting at the repository level if the organization-level Recommended allowlist setting is set to Let repositories decide. If the organization-level setting is Enabled or Disabled, you can't change this setting for individual repositories.
- Toggle the Recommended allowlist setting on or off.
Managing the custom allowlist
참고
You can only add custom allowlist rules at the repository level if the organization-level Allow repository custom rules setting is set to Enabled. For more information, see Controlling whether repositories can add custom allowlist rules.
-
Click Custom allowlist.
-
허용 목록에 포함할 주소를 추가합니다. 다음을 포함할 수 있습니다.
-
도메인(예:
packages.contoso.corp). 지정된 도메인 및 모든 하위 도메인에 대한 트래픽이 허용됩니다.
-
예: packages.contoso.corp는 packages.contoso.corp와 prod.packages.contoso.corp로의 트래픽을 허용하지만 artifacts.contoso.corp로의 트래픽은 허용하지 않습니다.
-
URL(예:
https://packages.contoso.corp/project-1/). 지정된 체계(https)와 호스트(packages.contoso.corp)에 대해서만 트래픽이 허용되며 지정된 경로와 하위 경로로 제한됩니다.
예: https://packages.contoso.corp/project-1/은 https://packages.contoso.corp/project-1/과 https://packages.contoso.corp/project-1/tags/latest로의 트래픽을 허용하지만 https://packages.contoso.corp/project-2, ftp://packages.contoso.corp, https://artifacts.contoso.corp로의 트래픽은 허용하지 않습니다.
- 규칙 추가를 클릭합니다.
- 목록의 유효성을 검사한 후 Save changes를 클릭합니다.