[BUG] Outbound Request to InfluxDB Blocked by Sandbox (2.1.74 -> v2.1.83 -> 2.1.74)

Resolved 💬 4 comments Opened Mar 25, 2026 by trev-gulls Closed May 21, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

During normal usage I encountered a permission request for https://eu-central-1-1.aws.cloud2.influxdata.com/. I denied the request but found myself confused why the request was made in the first place for two reasons:

  1. I am not using InfluxDB or any related service as a part of my project. I am not using AWS (directly) either. I am using a private GitHub repo accessed using the gh cli. I was in sandbox mode and my network allowlist does not include any matching domain (probably why the request was blocked to begin with).
  2. I am located on the US West Coast, so a request to a server in Frankfurt, Germany is unexpected, although possible given high demand and global load balancing.

I did attempt to investigate the session transcript including tool call results but did not find any logs with substring "influx" or ".aws." and furthermore during my investigation I encountered several internal server errors (500) while attempting to inspect installed plugins for references to the suspicious endpoint.

<img width="652" height="170" alt="Image" src="https://github.com/user-attachments/assets/8b6e1f89-9feb-44f4-bc9e-812feb454b70" />

<img width="734" height="202" alt="Image" src="https://github.com/user-attachments/assets/37751162-b1a7-4143-98ab-0abc15e1a627" />

<img width="736" height="271" alt="Image" src="https://github.com/user-attachments/assets/71858b07-0928-40ca-896d-fb99704df605" />

What Should Happen?

If this is a legitimate endpoint used by Claude Code to record metrics, the request likely should have been managed by the application (not the model) and bypassed the sandbox altogether or respected the sandbox network config.

If this was not a legitimate endpoint used by Claude Code, then the incident should be investigated throughly using available server side resources that may reveal how the model or app was convinced to issue a request to a illegitimate endpoint.

Error Messages/Logs

No relevant logs found, earlier screenshots show the user view.

Steps to Reproduce

Normal claude code usage with version 2.1.74 and possibly a mid-session upgrade to 2.1.83 and later rollback to 2.1.74

Claude Model

Opus

Is this a regression?

I don't know

Last Working Version

_No response_

Claude Code Version

2.1.74

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Warp

Additional Information

"sandbox": {
    "enabled": true,
    "autoAllowBashIfSandboxed": true,
    "allowUnsandboxedCommands": true,
    "network": {
      "allowedDomains": [
        "anthropic.com",
        "code.claude.com",
        "github.com",
        "*.github.com",
        "*.githubusercontent.com",
        "pypi.org",
        "*.pypi.org",
        "files.pythonhosted.org",
        "registry.npmjs.org",
        "*.npmjs.org"
      ],
      "allowLocalBinding": false
    },
...

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗