Cloudflare MCP Server - MCP Servers
Build applications, analyze traffic, and manage security settings through Cloudflare
Author
Cloudflare
Added
2025-09-18
Setup time
2 minutes
Difficulty
beginner
Quick use
Install command
1 linesclaude mcp add cloudflare --env CLOUDFLARE_API_TOKEN=YOUR_TOKEN --env CLOUDFLARE_ACCOUNT_ID=YOUR_ACCOUNT_ID && claude mcp listClaude config
.claude/settings.json
13 lines{
"cloudflare": {
"env": {
"CLOUDFLARE_API_TOKEN": "${CLOUDFLARE_API_TOKEN}",
"CLOUDFLARE_ACCOUNT_ID": "${CLOUDFLARE_ACCOUNT_ID}"
},
"args": [
"-y",
"@cloudflare/mcp-server-cloudflare"
],
"command": "npx"
}
}Source asset
json
13 lines{
"cloudflare": {
"env": {
"CLOUDFLARE_API_TOKEN": "${CLOUDFLARE_API_TOKEN}",
"CLOUDFLARE_ACCOUNT_ID": "${CLOUDFLARE_ACCOUNT_ID}"
},
"args": [
"-y",
"@cloudflare/mcp-server-cloudflare"
],
"command": "npx"
}
}Section
Content
Expand
Section
Content
Manage Cloudflare services and configurations through Claude for comprehensive infrastructure control.
Section
Features
Expand
Section
Features
- Configure DNS settings and records
- Manage security rules and WAF
- Analyze traffic patterns and metrics
- Control caching behavior and purging
- Deploy Workers and Pages
- Advanced Cloudflare zone and DNS management with CDN configuration, security rules, and analytics integration
- Batch operations support for efficient bulk DNS record creation, updates, and cache purging with automatic rate limit handling and retry logic
- Real-time configuration synchronization capabilities with webhook integration support for monitoring zone changes and triggering automated workflows
Section
Use Cases
Expand
Section
Use Cases
- Deploy edge functions globally
- Configure WAF rules for security
- Manage DNS records programmatically
- Analyze attack patterns and threats
- Optimize site performance with caching
- Build automated infrastructure management workflows that sync external systems with Cloudflare zones for real-time DNS and security configuration
Section
Installation
Expand
Section
Installation
Claude Code
- claude mcp add cloudflare --env CLOUDFLARE_API_TOKEN=YOUR_TOKEN --env CLOUDFLARE_ACCOUNT_ID=YOUR_ACCOUNT_ID
- Verify installation: claude mcp list
- Test connection: claude mcp status cloudflare
Claude CodeDetails
- claude mcp add cloudflare --env CLOUDFLARE_API_TOKEN=YOUR_TOKEN --env CLOUDFLARE_ACCOUNT_ID=YOUR_ACCOUNT_ID
- Verify installation: claude mcp list
- Test connection: claude mcp status cloudflare
Claude DesktopDetails
- Get your Cloudflare API Token from https://dash.cloudflare.com/profile/api-tokens
- Find your Account ID in the Cloudflare dashboard
- Open Claude Desktop configuration file
- Add the Cloudflare MCP server configuration with your credentials
- Restart Claude Desktop
Section
Requirements
Expand
Section
Requirements
- Cloudflare account with active zones
- Cloudflare API Token from https://dash.cloudflare.com/profile/api-tokens
- Cloudflare Account ID (found in Cloudflare dashboard)
- Node.js and npm/npx available for running the @cloudflare/mcp-server-cloudflare package
- Internet connection for accessing Cloudflare API (https://api.cloudflare.com endpoints)
- Claude Desktop 0.7.0+ or Claude Code with MCP support
- Rate limit awareness: 1,200 requests per 5 minutes (global limit, ~4 requests per second)
- Understanding of Cloudflare zones, DNS records, Workers, Pages, and security settings
- Appropriate API token permissions (read, write, deploy as needed for target operations)
- Content-Type: application/json header for API requests and Bearer authentication (not email/key pair)
Section
Examples
Expand
Section
Examples
Add DNS record for subdomain
Common usage pattern for this MCP server
Add DNS record for subdomainDetails
Common usage pattern for this MCP server
Ask Claude: "Add DNS record for subdomain"
Deploy Worker scriptDetails
Common usage pattern for this MCP server
Ask Claude: "Deploy Worker script"
Show traffic analyticsDetails
Common usage pattern for this MCP server
Ask Claude: "Show traffic analytics"
Configure firewall ruleDetails
Common usage pattern for this MCP server
Ask Claude: "Configure firewall rule"
Create DNS RecordDetails
Create a new Cloudflare DNS A record with TTL configuration
// Create Cloudflare DNS record
const record = await cloudflare.dns.records.create({
zone_id: "zone-id",
type: "A",
name: "example.com",
content: "192.0.2.1",
ttl: 3600
});
Section
Security
Expand
Section
Security
- Use API tokens with minimal scope
- Enable 2FA on Cloudflare account
- Regular security audits recommended
- Monitor API usage and rate limits
- Cloudflare API tokens and Global API keys must be securely stored and never exposed in client-side code or public repositories - use environment variables and secure credential management
- Cloudflare API tokens should be scoped with minimal required permissions following the principle of least privilege - regularly audit API token permissions and remove unused tokens
- Cloudflare zone IDs and account IDs may expose infrastructure architecture and domain information - ensure Cloudflare resource IDs are kept private and not shared in public configurations
- Rate limiting and API quota management are critical for Cloudflare MCP servers - implement proper rate limit handling, retry logic, and quota monitoring to prevent service disruption
- Cloudflare webhook configurations and payloads may contain sensitive DNS and security configuration data - ensure webhook endpoints are properly secured with authentication and HTTPS encryption
Section
Troubleshooting
Expand
Section
Troubleshooting
HTTP 429 error: API rate limit exceeded for 5 minutes
Cloudflare global rate limit is 1,200 requests per 5 minutes. Wait for 5-minute window to reset. Distribute API calls across time and implement request throttling to stay under 4 requests per second.
HTTP 429 error: API rate limit exceeded for 5 minutesDetails
Cloudflare global rate limit is 1,200 requests per 5 minutes. Wait for 5-minute window to reset. Distribute API calls across time and implement request throttling to stay under 4 requests per second.
Rate limit API error: decoding not yet implementedDetails
Add Content-Type: application/json header to your API request. Verify request body is properly formatted JSON and includes all required parameters for the endpoint.
Error: ratelimit.api.not_entitled for Enterprise featuresDetails
Contact your Cloudflare Account Team to enable Enterprise rate limiting features. Verify your account tier supports advanced rate limiting or migrate to Ruleset Engine API.
Authentication error: token permission insufficientDetails
Verify API token has Firewall Services Write permission for rate limiting. Check token hasn't expired and regenerate from Cloudflare dashboard if needed. Use Bearer authentication, not email/key pair.
Cannot configure rate limits or firewall rulesDetails
Ensure API token has correct zone and account-level permissions. Verify you're using Ruleset Engine API (not deprecated Rate Limiting API) and check account tier supports feature.
Cloudflare MCP server authentication errors with API tokensDetails
Verify API token is valid and not expired. Check token permissions match required operations. Ensure token format is correct (Bearer token in Authorization header). For Global API keys, verify email and key combination is correct.
Cloudflare rate limit errors when managing large zonesDetails
Implement exponential backoff retry logic with jitter. Use batch operations to reduce API calls. Cache frequently accessed zone data. Monitor rate limit headers and adjust request frequency accordingly. Cloudflare allows 1,200 requests per 5 minutes per API token.
Cloudflare zone or DNS record access denied errorsDetails
Verify API token has access to the zone and account. Check zone permissions and account membership. Ensure API token scopes include required zone and DNS permissions.
Cloudflare MCP server connection timeouts or network errorsDetails
Check network connectivity and firewall settings. Verify Cloudflare API endpoints are accessible. Increase request timeout values. Implement connection pooling and retry mechanisms with exponential backoff.
0% complete