MCP Server Policy

CLOUDFLARE MCP POLICY

Enforce policies on every tool call to the Cloudflare MCP Server. 23 tools listed, categorised, and ready for rules.

cloudflare/mcp-server-cloudflare 6 read 17 write 23 tools total

cloudflare workers kv r2 d1 dns

GET STARTED

Download this policy scaffold and add your rules. Intercept enforces them on every tool call before it reaches Cloudflare.

terminal

# Download policy scaffold


curl -o cloudflare.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/cloudflare.yaml

# Run with Intercept


intercept --policy cloudflare.yaml -- npx -y @cloudflare/mcp-server-cloudflare

Server documentation: https://github.com/cloudflare/mcp-server-cloudflare

READ TOOLS

accounts_list List all accounts in your Cloudflare account

query_worker_observability Query the Workers Observability API

search_cloudflare_documentation Search the Cloudflare documentation

workers_get_worker Get the details of a Cloudflare Worker

workers_get_worker_code Get the source code of a Cloudflare Worker

workers_list List Cloudflare Workers

WRITE TOOLS

set_active_account Set active account for tool calls

OTHER TOOLS

d1_database_create Create a new D1 database

d1_database_delete Delete a D1 database

d1_database_get Get a D1 database

d1_database_query Query a D1 database

d1_databases_list List all D1 databases

kv_namespace_create Create a new KV namespace

kv_namespace_delete Delete a KV namespace

kv_namespace_get Get details of a KV namespace

kv_namespace_update Update the title of a KV namespace

kv_namespaces_list List KV namespaces

observability_keys Find keys in the Workers Observability Data

observability_values Find values in the Workers Observability Data

r2_bucket_create Create a new R2 bucket

r2_bucket_delete Delete an R2 bucket

r2_bucket_get Get details about a specific R2 bucket

r2_buckets_list List R2 buckets

POLICY YAML

This scaffold lists every tool with empty rules. Add conditions — rate limits, argument validation, deny rules — then deploy with Intercept.

cloudflare.yaml

version: "1"
description: "Policy for cloudflare/mcp-server-cloudflare"
default: "allow"
tools:
    accounts_list:
        rules: []
    query_worker_observability:
        rules: []
    search_cloudflare_documentation:
        rules: []
    workers_get_worker:
        rules: []
    workers_get_worker_code:
        rules: []
    workers_list:
        rules: []
    set_active_account:
        rules: []
    d1_database_create:
        rules: []
    d1_database_delete:
        rules: []
    d1_database_get:
        rules: []
    d1_database_query:
        rules: []
    d1_databases_list:
        rules: []
    kv_namespace_create:
        rules: []
    kv_namespace_delete:
        rules: []
    kv_namespace_get:
        rules: []
    kv_namespace_update:
        rules: []
    kv_namespaces_list:
        rules: []
    observability_keys:
        rules: []
    observability_values:
        rules: []
    r2_bucket_create:
        rules: []
    r2_bucket_delete:
        rules: []
    r2_bucket_get:
        rules: []
    r2_buckets_list:
        rules: []

FREQUENTLY ASKED QUESTIONS

What tools does the Cloudflare MCP server expose?

The Cloudflare MCP Server exposes 23 tools across 3 categories: Read, Write, Other. Each tool can be individually controlled with Intercept policies.

How do I enforce policies on Cloudflare?

Download the policy scaffold, add rules (rate limits, argument validation, deny rules), then run Intercept as a proxy in front of the Cloudflare MCP server. Every tool call is evaluated against your YAML policy before execution.

Is the Cloudflare policy free to use?

Yes. All Intercept policies are open source under the Apache 2.0 licence. Download, modify, and deploy without restrictions.

ENFORCE POLICIES ON CLOUDFLARE

Open source. One binary. Zero dependencies.

VIEW ON GITHUB Browse all policies →

CLOUDFLARE MCP POLICY

GET STARTED

READ TOOLS

accounts_list

query_worker_observability

search_cloudflare_documentation

workers_get_worker

workers_get_worker_code

workers_list

WRITE TOOLS

set_active_account

OTHER TOOLS

d1_database_create

d1_database_delete

d1_database_get

d1_database_query

d1_databases_list

kv_namespace_create

kv_namespace_delete

kv_namespace_get

kv_namespace_update

kv_namespaces_list

observability_keys

observability_values

r2_bucket_create

r2_bucket_delete

r2_bucket_get

r2_buckets_list