cloudflare-mcp
Provides read-only access to the entire Cloudflare ecosystem, enabling AI assistants to query DNS records, security settings, SSL/TLS configurations, performance optimizations, Zero Trust policies, Workers, Pages, and more via natural language.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@cloudflare-mcpList all my zones and their status"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Cloudflare MCP API Server (Enterprise Edition)
A high-performance Model Context Protocol (MCP) server providing AI assistants with read-only access to the Cloudflare ecosystem. Query your entire Cloudflare infrastructure using natural language through Claude, Cursor, or any MCP-compatible client. Inspired by mcp-server-cloudflare.
Security-First Design
This server implements NIST 800-53 Rev. 5 controls for FedRAMP High environments:
Control | Implementation | File |
AU-12 (Audit Generation) | All API calls logged with sensitive data redaction |
|
SC-5 (DoS Protection) | Token bucket rate limiting (100 burst, 10/sec) |
|
SI-10 (Input Validation) | Zod schemas + GraphQL mutation blocking |
|
SI-11 (Error Handling) | Safe error messages, no stack traces |
|
IA-5(7) (Token Protection) | XOR obfuscation in memory |
|
Related MCP server: Cloudflare API MCP Server
Why Use This?
Infrastructure discovery: "What DNS records exist across all my zones?"
Security audits: "Which zones don't have WAF enabled?" or "Show me all rate limiting rules"
Troubleshooting: "What are the SSL settings for example.com?"
Documentation: Generate configuration reports by asking questions
Learning: Explore your Cloudflare setup without memorizing API endpoints
Features
354 read-only tools covering the entire Cloudflare API surface (as of 2026-02-05)
Zero write operations - cannot modify any configurations (safe to use)
Natural language queries - ask questions, get answers
Built-in security - rate limiting, audit logging, token protection
API Coverage
Category | Examples |
Core | Accounts, Zones, DNS, Settings |
Security | WAF, Firewall, Bot Management, Page Shield, DDoS |
SSL/TLS | Certificates, Universal SSL, Custom Certs, mTLS |
Performance | Argo, Cache, Load Balancing, Waiting Rooms |
Zero Trust | Access Apps, Gateway, Devices, Tunnels, DEX |
Developer Platform | Workers, Pages, D1, R2, KV, Queues, Durable Objects |
Analytics | Dashboard, GraphQL, Audit Logs |
Enterprise | Cloudforce One, Magic Transit, Spectrum, Custom Hostnames |
Quick Start
1. Install
git clone https://github.com/pocc/cloudflare-mcp.git
cd cloudflare-mcp
npm install
npm run build2. Create API Token
Click Create Token
Use Custom Token with read-only permissions:
Account Settings: Read
Zone: Read
Zone Settings: Read
DNS: Read
SSL and Certificates: Read
Firewall Services: Read
Analytics: Read
Access: Apps and Policies: Read
Worker Scripts: Read
Load Balancers: Read
(add more as needed for your use case)
3. Configure Your MCP Client
Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"cloudflare": {
"command": "node",
"args": ["/path/to/cloudflare-mcp/dist/index.js"],
"env": {
"CLOUDFLARE_API_TOKEN": "your-api-token-here"
}
}
}
}Cursor / Other MCP Clients
CLOUDFLARE_API_TOKEN="your-token" node dist/index.jsExample Queries
Once connected, ask natural language questions:
Discovery
"List all my zones and their status"
"What Workers do I have deployed?"
"Show me all Access applications"
Security Audit
"Which zones have bot management enabled?"
"What WAF rules are configured on example.com?"
"List all rate limiting rules across my account"
"Show audit logs from the last 24 hours filtered by user@example.com"
Troubleshooting
"What are the SSL settings for example.com?"
"Is Argo Smart Routing enabled on my zones?"
"What DNS records exist for api.example.com?"
"Show me the load balancer configuration for production"
Zero Trust
"List all Cloudflare Tunnel connections"
"What Access policies protect my apps?"
"Show Gateway network policies"
"What devices are registered in my Zero Trust org?"
Security
Feature | Description |
Read-Only | Cannot create, update, or delete any resources |
Rate Limited | Built-in token bucket (100 burst, 10/sec) |
Audit Logged | All API calls logged with sensitive data redacted |
Token Protected | API token XOR-obfuscated in memory |
Input Validated | Zod schemas + GraphQL query validation |
Best Practices:
Use the principle of least privilege when creating tokens
Never commit tokens to version control
Rotate tokens periodically
Documentation
Document | Description |
Technical design and data flow | |
Complete list of 354 tools | |
FedRAMP compliance details | |
NIST control implementations |
Contributing
See CONTRIBUTING.md for guidelines.
License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/pocc/cloudflare-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server