cf-mcp
Provides read-only access to Cloudflare resources including zones, rulesets, WAF, bot management, analytics (via GraphQL), Cloudflare One / Zero Trust, and Logpush.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@cf-mcpquery firewall events for example.com in the last hour"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
cf-mcp
Read-only Cloudflare MCP server for SOC investigation agents (companion to
sumologic-mcp, flare-mcp, mcp-virustotal).
Exposes:
Discovery — accounts, zones
Rulesets & WAF — custom rules, rate-limit rules, managed rulesets
Bot Management — config, Super Bot Fight Mode
Analytics (GraphQL) — firewall events, HTTP requests, bot events, baseline traffic diff
Cloudflare One / Zero Trust — Access apps & policies, Gateway rules, WARP devices, IdPs
Logpush — job metadata
Helpers — dashboard URL builder, wirefilter validator
v1 is strictly read-only. Every non-GET HTTP request is refused at the
client layer when CF_READ_ONLY=true (default).
Install
uv syncRelated MCP server: Cloudflare MCP
Configure
Store your Cloudflare API token in the OS credential store (Windows Credential Manager / macOS Keychain / Linux Secret Service):
uv run cf-mcp-setupAlternatively, set the CF_API_TOKEN environment variable in your MCP client
config — useful on headless Linux hosts where no keyring backend is available.
Required token scopes
Create an API token at https://dash.cloudflare.com/profile/api-tokens with at least these read permissions:
Zone Read
Zone WAF Read
Account Rulesets Read
Account Settings Read
Bot Management Read
Analytics Read (Account + Zone)
Logs Read
Access: Apps Read, Access: Policies Read
Zero Trust: Gateway Read
Optional env vars
CF_ACCOUNT_ID— default account ID for account-scoped tools.CF_ZONE_ALLOWLIST— comma-separated zone names; zone-scoped tools refuse zones not in the list, even if the token has broader access.CF_READ_ONLY— defaults totrue; setfalseonly if a future v1.5 ships mutating tools and you've reviewed them.
MCP client config
Claude Desktop (claude_desktop_config.json)
{
"mcpServers": {
"cloudflare": {
"command": "uv",
"args": ["run", "--project", "/path/to/cf-mcp", "cf-mcp"],
"env": {
"CF_ACCOUNT_ID": "<your-account-id>",
"CF_ZONE_ALLOWLIST": "example.com,example.net"
}
}
}
}Development
uv sync
uv run ruff check src tests
uv run mypy --strict src
uv run pytest tests/unit
CF_LIVE_TEST=true uv run pytest tests/integrationArchitecture notes
One async httpx client per process, shared across all tool calls.
No retry on 429 — the agent decides;
retry_after_sis surfaced in the error envelope. Retry 502/503/504 with exponential backoff + jitter, max 3 attempts, ~10s total budget.No internal rate-limit accountant — Cloudflare's edge and the agent are the only governors. REST quota is 1200/5min; GraphQL is a separate 300/5min.
No cache in v1 — the
cache_metaenvelope field is reserved for v1.5.Compact-mode by default — GraphQL tools return only dimensions + counts. Detail drill-down via
verbose=trueoncf_query_firewall_events_rawandcf_query_http_requests_raw.Hard ~20K-token response ceiling — exceeding tools return
response_too_largewith a hint, never silent truncation.
Response envelope
{
"data": {...},
"next_cursor": "v1.<base64>",
"cache_meta": {"hit": false, "age_s": 0, "ttl_s": 0},
"api_endpoint_called": "POST /graphql",
"correlation_id": "uuid",
"error": null
}On error, data is null and error has:
{
"code": "rate_limited|auth|not_found|validation|upstream|response_too_large|read_only_violation|zone_not_allowed",
"http_status": 429,
"cf_errors": [{"code": 10000, "message": "..."}],
"retry_after_s": 30,
"hint": "narrow the time range or reduce limit"
}Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/wojtekkura/cf-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server