What are the requirements for Cloudflare MCP Server?

Cloudflare MCP Server requires the following environment variables: CLOUDFLARE_API_TOKEN (required), CLOUDFLARE_ACCOUNT_ID (optional), CLOUDFLARE_TIMEOUT (optional). You'll also need a compatible MCP client like Claude Desktop or Claude Code.

Is Cloudflare MCP Server free to use?

Yes, Cloudflare MCP Server is open source and free to use. You can find the source code on GitHub.

What MCP clients support Cloudflare MCP Server?

Cloudflare MCP Server works with any MCP-compatible client including Claude Desktop (Anthropic's official desktop app), Claude Code (CLI tool), Cursor, and other editors with MCP support.

How do I configure Cloudflare MCP Server?

Configure Cloudflare MCP Server by adding it to your MCP client's config file. For Claude Desktop, edit claude_desktop_config.json and add the server configuration. See the Configuration section above for a ready-to-use example.

Cloudflare MCP Server

Q: How do I install Cloudflare MCP Server?

Install Cloudflare MCP Server by running: npm install && cp .env.example .env && npm run build && node dist/index.js

Local setup required. This server has to be cloned and prepared on your machine before you register it in Claude Code.

Set the server up locally

Run this once to clone and prepare the server before adding it to Claude Code.

Run in terminal

npm install
cp .env.example .env
npm run build
node dist/index.js

Register it in Claude Code

After the local setup is done, run this command to point Claude Code at the built server.

Run in terminal

claude mcp add -e "CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}" mcp-cloudflare -- node "<FULL_PATH_TO_MCP_CLOUDFLARE>/dist/index.js"

Replace <FULL_PATH_TO_MCP_CLOUDFLARE>/dist/index.js with the actual folder you prepared in step 1.

Required:CLOUDFLARE_API_TOKEN+ 2 optional

README.md

Slim Cloudflare MCP Server for managing DNS, zones, tunnels, WAF, and security.

mcp-cloudflare

Slim Cloudflare MCP Server for managing DNS, zones, tunnels, WAF, Zero Trust, and security via Cloudflare API v4.

No SSH. No shell execution. API-only. 3 runtime dependencies.

Features

75 tools across 11 domains:

DNS — Record management (A, AAAA, CNAME, MX, TXT, SRV, CAA, NS), batch operations
Zones — Zone listing, settings, SSL/TLS configuration, cache management
Tunnels — Cloudflare Tunnel creation, configuration, and ingress management
WAF — Ruleset management, custom firewall rules, rate limiting
Zero Trust — Access application CRUD (create/delete), policies (create/delete), identity providers (create/delete), Gateway status
Security — Security event analytics, IP access rules, DDoS configuration, Security Center insights
Workers KV — Namespace management, key-value read/write/delete, key listing
Workers — Script deployment, route management
Worker Secrets — Secret management (names only, values never exposed)
Worker Analytics — Invocation metrics, CPU time, error rates via GraphQL
R2 Storage — Bucket management, object listing and metadata, custom domains, location hints

Quick Start

npm install
cp .env.example .env   # Edit with your Cloudflare API token
npm run build
node dist/index.js     # stdio transport for MCP

Claude Code Integration

Add to .mcp.json in your project root:

{
  "mcpServers": {
    "cloudflare": {
      "command": "node",
      "args": ["/path/to/mcp-cloudflare/dist/index.js"],
      "env": {
        "CLOUDFLARE_API_TOKEN": "your-api-token-here",
        "CLOUDFLARE_ACCOUNT_ID": "your-account-id"
      }
    }
  }
}

Configuration

Variable	Required	Default	Description
`CLOUDFLARE_API_TOKEN`	Yes	—	Cloudflare API Token (with appropriate permissions)
`CLOUDFLARE_ACCOUNT_ID`	No	—	Cloudflare Account ID (required for account-level operations)
`CLOUDFLARE_TIMEOUT`	No	`30000`	Request timeout in milliseconds

API Token Permissions

Create an API Token at dash.cloudflare.com/profile/api-tokens with the following permissions based on what you need:

DNS: Zone > DNS > Edit
Zone settings: Zone > Zone Settings > Edit
Cache purge: Zone > Cache Purge > Edit
Tunnels: Account > Cloudflare Tunnel > Edit
WAF: Zone > Firewall Services > Edit
Zero Trust: Account > Access: Apps and Policies > Edit
Security events: Zone > Analytics > Read
Workers KV: Account > Workers KV Storage > Edit
Workers: Account > Worker Scripts > Edit
R2: Account > R2 Storage > Edit

Multi-Zone Support

All zone-scoped tools accept a zone_id parameter that can be either:

A 32-character hex zone ID (e.g., 00000000000000000000000000000001) — used directly
A zone name / domain (e.g., example.com) — resolved automatically via the Cloudflare API

This allows managing multiple zones by name without needing to look up IDs manually.

Tools

Tools documentation is coming in v1 as tool modules are implemented. See docs/api-reference.md for the planned API endpoint mapping.

Skills

Claude Code skills compose MCP tools into higher-level workflows. See `.claude/skills/README.md` for detailed documentation.

Skill	Slash Command	Description
cloudflare-health	`/cf-health`	Zone health dashboard — DNS, security, tunnels, WAF, DDoS status
cloudflare-live-test	`/cf-test`	Live integration test — read + safe writes with cleanup
cloudflare-dns-management	—	DNS record management — add, list, update, delete across zones
cloudflare-incident-response	—	DDoS/attack emergency response — detect, assess, mitigate, monitor
cloudflare-security-audit	—	Security postur

Environment Variables

CLOUDFLARE_API_TOKENrequiredCloudflare API Token (with appropriate permissions)

CLOUDFLARE_ACCOUNT_IDCloudflare Account ID (required for account-level operations)

CLOUDFLARE_TIMEOUTRequest timeout in milliseconds

Configuration

claude_desktop_config.json

{
  "mcpServers": {
    "cloudflare": {
      "command": "node",
      "args": ["/path/to/mcp-cloudflare/dist/index.js"],
      "env": {
        "CLOUDFLARE_API_TOKEN": "your-api-token-here",
        "CLOUDFLARE_ACCOUNT_ID": "your-account-id"
      }
    }
  }
}

Try it

→List all DNS records for example.com and identify any missing A records.

→Create a new Cloudflare Tunnel for my local development server.

→Check the current security event analytics for my zone.

→Update the WAF rules to block traffic from a specific suspicious IP range.

→Deploy a new worker script and configure its route.

Frequently Asked Questions

What are the key features of Cloudflare MCP Server?

Comprehensive DNS record management including A, AAAA, CNAME, and TXT records.. Cloudflare Tunnel creation and ingress management.. WAF ruleset management and rate limiting configuration.. Zero Trust access application and policy management.. Workers KV, R2 storage, and worker script deployment capabilities..

What can I use Cloudflare MCP Server for?

Automating DNS record updates during CI/CD deployment pipelines.. Rapidly responding to DDoS attacks by adjusting WAF rules via natural language.. Managing complex multi-zone Cloudflare configurations from a single interface.. Streamlining the deployment and configuration of Cloudflare Workers and R2 storage..

How do I install Cloudflare MCP Server?

Install Cloudflare MCP Server by running: npm install && cp .env.example .env && npm run build && node dist/index.js

What MCP clients work with Cloudflare MCP Server?

Cloudflare MCP Server works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep Cloudflare MCP Server docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.

Open Conare

View all cloud servers →

Cloudflare MCP Server

Set the server up locally

Register it in Claude Code

mcp-cloudflare

Features

Quick Start

Claude Code Integration

Configuration

API Token Permissions

Multi-Zone Support

Tools

Skills

Environment Variables

Configuration

Try it

Frequently Asked Questions

Turn this server into reusable context

Related MCP Servers