[BUG] Cowork VM network egress allowlist ignores Admin Capabilities settings
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Hi,
I'm using Claude Cowork mode (research preview) on a Team/Pro plan and have encountered an issue with the network egress allowlist.
The problem:
I've added gateway.pixazo.ai to the allowed domains in Admin Settings → Capabilities → Network Access, but the Cowork VM proxy still blocks traffic to this domain with 403 Forbidden and header X-Proxy-Error: blocked-by-allowlist. The Admin settings appear to have no effect on the actual proxy running inside the VM.
Context:
I have a custom Pixazo image generation skill that calls gateway.pixazo.ai. The skill works correctly but all API calls fail because the VM proxy blocks the domain — despite it being listed in my Admin allowlist. Testing confirms only hardcoded domains (api.anthropic.com, pypi.org, github.com, npmjs.org) pass through.
What Should Happen?
Expected behavior:
Domains added to the network egress allowlist in Admin Capabilities should be allowed by the Cowork VM proxy.
Error Messages/Logs
403 Forbidden and header X-Proxy-Error: blocked-by-allowlist.
Steps to Reproduce
teps to reproduce:
Add gateway.pixazo.ai to the network egress allowlist in Admin → Capabilities
Start a Cowork session
Run: curl -v https://gateway.pixazo.ai
Result: proxy returns 403 blocked-by-allowlist
Claude Model
Opus
Is this a regression?
No, this never worked
Last Working Version
_No response_
Claude Code Version
1.1.2156
Platform
Other
Operating System
macOS
Terminal/Shell
Other
Additional Information
_No response_
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗