Exposes Cloudflare DNS, security, WAF rules, page-rule redirects, zone settings, and cache purge functionality through 16 structured tools that allow reading and modifying DNS records, managing firewall rules, creating redirects, and more.
Referenced as a sandbox environment for creating test zones to safely experiment with the Cloudflare MCP server's capabilities without affecting production infrastructure.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Cloudflare MCP Serverlist DNS records for example.com"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Cloudflare MCP Server
Modern Model-Context-Protocol (MCP) server that exposes Cloudflare DNS, security, redirects and zone-settings functionality as structured tools which any compliant AI client (e.g. Claude Desktop) can invoke.
✨ Key Features
Rich Tool Catalog – 16 read & write operations covering DNS records, WAF rules, page-rule redirects, cache purge, zone settings and more.
Plug-and-Play with Claude Desktop – ships with STDIO transport so Claude immediately lists & calls tools; no extra adaptor required.
Type-Safe – written in TypeScript and powered by
@modelcontextprotocol/sdk, with zod schemas for every tool’s params & return value.Non-destructive by Default – destructive certificate-ordering functions are disabled out-of-the-box to prevent accidental cost.
Script Library & Tests – one-shot scripts for manual ops plus Jest integration/unit tests.
Related MCP server: Cloudflare API MCP Server
🚀 Quick Start
# 1. Clone & install
npm install
# 2. Configure credentials
cp config/.env.example .env
$EDITOR .env # put your CLOUDFLARE_API_TOKEN
# 3. Build & run the server (stdio)
npm run build
node dist/index.js # Claude Desktop will auto-detectNeed a sandbox? Cloudflare Workers Free Plan lets you create test zones.
🛠️ Tool Catalog
Category | Tool Name | Description |
General |
| Round-trip text for connectivity testing |
Zones |
| Enumerate zones the token can access |
Zones |
| Return full settings object |
Zones |
| Short settings summary |
DNS |
| Read all DNS RRsets |
DNS |
| Add a record |
DNS |
| Modify record |
DNS |
| Remove record |
Security |
| Read firewall rules |
Security |
| Add firewall rule |
Security |
| Edit firewall rule |
Security |
| Delete firewall rule |
Redirect |
| List redirects/page-rules |
Redirect |
| Create redirect |
Redirect |
| Delete redirect |
Cache |
| Purge URL or everything |
* Destructive operations – use with care.
SSL cert ordering/upload functions are intentionally not registered. Enable them by removing the filter in src/index.ts if required.
🧑💻 Development
# Watch-mode compile
npm run dev
# Run the full test suite
npm test
# Lint
npm run lintHandy demo scripts live under scripts/ (e.g. scripts/list-dns-demo.ts). All accept a --zone flag.
🏗️ Architecture
src/index.ts– entrypoint; merges tool maps and registers them withMcpServer.src/tools/– individual tool modules, each exporting{ tools, description }.src/cloudflare-client.ts– thin wrapper around axios + CF API base URL.tests/– Jest tests (unit + integration).
The server communicates over STDIO using JSON-RPC 2.0 as defined by the MCP SDK. See docs/API.md.
🤝 Contributing
PRs & issues are welcome! Please read REFERENCE.md for coding conventions and style guidelines.
Fork → feature branch → PR.
Ensure
npm testpasses.Describe the tool behaviour or bug clearly.
📜 License
MIT © 2025 Jeff Golden
Made with Windsurf
Resources
Looking for Admin?
Admins can modify the Dockerfile, update the server description, and track usage metrics. If you are the server author, to access the admin panel.