Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| CLOUDFLARE_TIMEOUT | No | Request timeout in milliseconds | 30000 |
| CLOUDFLARE_API_TOKEN | Yes | Cloudflare API Token (with appropriate permissions) | |
| CLOUDFLARE_ACCOUNT_ID | No | Cloudflare Account ID (required for account-level operations) |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| cloudflare_zone_list | List all Cloudflare zones with pagination. Optionally filter by status or name. |
| cloudflare_zone_get | Get zone details including status, nameservers, and plan. |
| cloudflare_zone_setting_get | Get a specific zone setting by name (e.g., 'ssl', 'security_level', 'minify'). |
| cloudflare_zone_setting_update | Update a specific zone setting (e.g., change SSL mode, security level). |
| cloudflare_dns_list | List DNS records for a zone. Optionally filter by type, name, content, or proxied status. |
| cloudflare_dns_get | Get a single DNS record by its record ID. |
| cloudflare_dns_create | Create a new DNS record in a zone. |
| cloudflare_dns_update | Update an existing DNS record (full replacement via PUT). |
| cloudflare_dns_delete | Delete a DNS record from a zone. |
| cloudflare_dns_search | Search DNS records by name pattern. Returns all records whose name contains the given string. |
| cloudflare_dns_export | Export all DNS records for a zone in BIND zone file format. Returns raw text. |
| cloudflare_dns_import | Import DNS records from a BIND zone file. Sends the file content as multipart/form-data. |
| cloudflare_dnssec_status | Get the DNSSEC status for a zone. |
| cloudflare_account_info | Get Cloudflare account details (account name, ID, settings). No zone_id needed. |
| cloudflare_token_verify | Validate the configured Cloudflare API token and check its permissions. |
| cloudflare_zone_health | Check the health of a zone: combines zone status, DNSSEC configuration, and SSL mode into a single health report. |
| cloudflare_rate_limit_status | Check Cloudflare API rate limit consumption. Returns current limit, remaining requests, and reset time from response headers. |
| cloudflare_tunnel_list | List Cloudflare Tunnels for the account. Optionally filter by name or deleted status. |
| cloudflare_tunnel_get | Get details for a specific Cloudflare Tunnel by its ID. |
| cloudflare_tunnel_create | Create a new Cloudflare Tunnel. A secure 32-byte tunnel secret is automatically generated. |
| cloudflare_tunnel_delete | Delete a Cloudflare Tunnel by its ID. This action cannot be undone. |
| cloudflare_tunnel_config_get | Get the ingress configuration for a Cloudflare Tunnel. |
| cloudflare_tunnel_config_update | Update the ingress configuration for a Cloudflare Tunnel. |
| cloudflare_waf_list_rulesets | List all WAF rulesets for a zone (managed, custom, rate-limiting, etc.). |
| cloudflare_waf_get_ruleset | Get a specific WAF ruleset by ID, including all rules within the ruleset. |
| cloudflare_waf_list_custom_rules | List all custom WAF firewall rules for a zone (http_request_firewall_custom phase entrypoint). |
| cloudflare_waf_create_custom_rule | Add a new custom WAF firewall rule to a zone. Uses Cloudflare Rules Language for the expression. |
| cloudflare_waf_delete_custom_rule | Delete a custom WAF firewall rule from a zone ruleset. |
| cloudflare_zt_list_apps | List all Zero Trust Access applications for the account. |
| cloudflare_zt_get_app | Get details for a specific Zero Trust Access application by its ID. |
| cloudflare_zt_list_policies | List all access policies attached to a Zero Trust Access application. |
| cloudflare_zt_create_policy | Create an access policy for a Zero Trust Access application. Policies define who can access the application. |
| cloudflare_zt_list_idps | List all identity providers (IdPs) configured for Zero Trust Access on the account. |
| cloudflare_zt_gateway_status | Get the Zero Trust Gateway (DNS/HTTP filtering) configuration status for the account. |
| cloudflare_security_level_get | Get the current security level setting for a zone (off, essentially_off, low, medium, high, under_attack). |
| cloudflare_security_level_set | DESTRUCTIVE: Update the security level for a zone. Changes affect live traffic immediately. Use 'under_attack' only during active DDoS attacks. |
| cloudflare_security_events | Query recent security/firewall events for a zone using Cloudflare GraphQL Analytics. |
| cloudflare_ddos_analytics | Query DDoS attack analytics for a zone using Cloudflare GraphQL Analytics. Returns aggregated attack traffic data. |
| cloudflare_ip_access_list | List IP access rules (firewall rules) for a zone. Filter by mode (block, challenge, whitelist, js_challenge). |
| cloudflare_ip_access_create | Create an IP access rule for a zone. Targets can be a specific IP, CIDR range, ASN, or country code. |
| cloudflare_ip_access_delete | Delete an IP access rule from a zone by its rule ID. |
| cloudflare_under_attack_status | Check whether a zone is currently in 'Under Attack' mode. Returns the current security level and whether DDoS protection is maximized. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |