Make localhost server exempt from UWP app network isolation?

by twisteroid ambassador   Last Updated October 11, 2018 16:01 PM

By default, UWP apps cannot access network resources on the same machine. This restriction can be lifted per app using the CheckNetIsolation.exe utility. This is described in many places around the web:

https://stackoverflow.com/questions/34589522/cant-see-localhost-from-uwp-app https://docs.microsoft.com/en-us/windows/uwp/debug-test-perf/deploying-and-debugging-uwp-apps#debugging-options

The Loopback Exemption can be granted to UWP apps individually. In my use case, I would like to use a system-wide proxy server running on localhost (Internet Options -> Connections -> Local Area Network (LAN) Settings -> Proxy server). This means I have to grant Loopback Exemption to every single one of my UWP apps, otherwise they will not be able to access the Internet at all.

Is there a way to circumvent this network isolation by doing something to the server side, instead of granting Loopback Exemption to every UWP app?

For example, (I have not yet tried this,) I imagine running a virtual machine on my computer and running my proxy server in the virtual machine will allow UWP apps to connect to the proxy server, since the proxy server is not listening on a loopback interface. Are there any other method / hack that will work similarly?

Things I have tried that don't work:

  • Binding the proxy server to another IP address in 127.0.0.0/8, instead of 127.0.0.1
  • Adding a Microsoft Loopback Adapter, assigning it an IP address, and binding my proxy server to that address


Answers 1


There actually is a way, without granting the exemption to every app or running the server on a separate (real or virtual) machine: Use networking trickery to make a localhost server look like it's running on another system.

I have implemented a solution using the WinDivert framework. In short, it "reflects" network packets destined for a specified "reflect address" back towards localhost, so a server running on localhost can be reached at the reflect address. This way UWP apps can access the server freely.

It should be possible to implement similar solutions using other technologies capable of filtering and injecting network packets.

twisteroid ambassador
twisteroid ambassador
October 11, 2018 15:02 PM

Related Questions


Windows 10 Start Menu & PC settings not working

Updated August 08, 2018 12:01 PM

Windows 8 Metro App's "Can't Open"

Updated October 15, 2015 08:00 AM


Bing Food & Drink app always crashes

Updated February 02, 2018 11:01 AM