Cloudflare MCP Server

Instructions

Implementation Reference

• src/tools/security.ts:118-145 (handler)

  The main handler function that implements the logic to update a Cloudflare WAF security rule by fetching the zone, preparing the update body, and calling the Cloudflare PUT API.
  handler: async (params: z.infer<typeof UpdateSecurityRuleInputSchema>) => { const { zone_name, rule_id, description, expression, action, priority, paused } = UpdateSecurityRuleInputSchema.parse(params); const zones = await client.get<Array<{ id: string; name: string }>>('/zones', { name: zone_name }); if (zones.length === 0) throw new Error(`Zone ${zone_name} not found`); const zoneId = zones[0].id; const body: any = { id: rule_id }; if (description !== undefined) body.description = description; if (expression !== undefined) { // need to include filter id per Cloudflare API const existing = await client.get<any>(`/zones/${zoneId}/firewall/rules/${rule_id}`); const filterId = existing.filter?.id; body.filter = { id: filterId, expression }; } if (action !== undefined) body.action = action; if (priority !== undefined) body.priority = priority; if (paused !== undefined) body.paused = paused; const updated = await client.put<typeof WafRuleSchema["_type"]>(`/zones/${zoneId}/firewall/rules/${rule_id}`, body); return { content: [ { type: "text", text: JSON.stringify(updated, null, 2) } ] }; },
• src/tools/security.ts:102-110 (schema)

  Zod schema defining the input parameters for the update_security_rule tool.
  const UpdateSecurityRuleInputSchema = z.object({ zone_name: z.string(), rule_id: z.string(), description: z.string().optional(), expression: z.string().optional(), action: z.string().optional(), priority: z.number().optional(), paused: z.boolean().optional(), });
• src/tools/security.ts:112-146 (registration)

  Tool object definition including name, description, schemas, and handler reference for 'cloudflare-dns-mcp/update_security_rule'.
  const updateSecurityRuleTool: Tool = { name: 'cloudflare-dns-mcp/update_security_rule', description: 'Update an existing firewall security rule', inputSchema: zodToJsonSchema(UpdateSecurityRuleInputSchema) as any, outputSchema: zodToJsonSchema(WafRuleSchema) as any, annotations: { destructiveHint: true }, handler: async (params: z.infer<typeof UpdateSecurityRuleInputSchema>) => { const { zone_name, rule_id, description, expression, action, priority, paused } = UpdateSecurityRuleInputSchema.parse(params); const zones = await client.get<Array<{ id: string; name: string }>>('/zones', { name: zone_name }); if (zones.length === 0) throw new Error(`Zone ${zone_name} not found`); const zoneId = zones[0].id; const body: any = { id: rule_id }; if (description !== undefined) body.description = description; if (expression !== undefined) { // need to include filter id per Cloudflare API const existing = await client.get<any>(`/zones/${zoneId}/firewall/rules/${rule_id}`); const filterId = existing.filter?.id; body.filter = { id: filterId, expression }; } if (action !== undefined) body.action = action; if (priority !== undefined) body.priority = priority; if (paused !== undefined) body.paused = paused; const updated = await client.put<typeof WafRuleSchema["_type"]>(`/zones/${zoneId}/firewall/rules/${rule_id}`, body); return { content: [ { type: "text", text: JSON.stringify(updated, null, 2) } ] }; }, };
• src/tools/security.ts:183-190 (registration)

  Registration of the update_security_rule tool (and related security tools) in the tools map returned by getSecurityTools function.
  return { tools: { 'cloudflare-dns-mcp/list_waf_rules': listWafRulesTool, 'cloudflare-dns-mcp/create_security_rule': createSecurityRuleTool, 'cloudflare-dns-mcp/update_security_rule': updateSecurityRuleTool, 'cloudflare-dns-mcp/delete_security_rule': deleteSecurityRuleTool, }, };