Cloudflare MCP Server Portals

Cloudflare's approach to MCP gateways is Zero Trust-native: compose multiple MCP servers behind a single portal with Cloudflare Access auth, DLP scanning, and full request logging -- all on the edge, with zero self-hosted infrastructure.


What It Is

Cloudflare MCP Server Portals is a managed service that lets you compose multiple MCP servers behind a single authenticated gateway endpoint. It is part of Cloudflare One (Zero Trust platform) and integrates natively with Cloudflare Access for authentication and Cloudflare Gateway for traffic inspection.

Cloudflare also provides infrastructure for hosting remote MCP servers on Cloudflare Workers, making it both a gateway and a hosting platform for MCP tools.


Key Features

MCP Server Composition

Compose multiple MCP servers behind a single portal URL. Admins curate which tools and prompt templates from each server are exposed through the portal. Agents connect to one endpoint and get access to a curated set of tools.

Agent --> [MCP Portal URL]
                |
                |---> MCP Server A (tools: search, summarize)
                |---> MCP Server B (tools: create_ticket)
                +---> MCP Server C (tools: query_db)

Curated Tool Selection

Admins select specific tools to expose per portal – not all-or-nothing. This minimizes the context exposed to the AI model (fewer tools = better model responses) and enforces least-privilege access.
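
The composition and curation behaviour described above can be modelled in a few lines; this is an added illustration, not code from this post or from Cloudflare. Server and tool names follow the diagram, the curated set and the names `build_routes`, `handle` and `ToolNotExposed` are hypothetical, and `tools/list` / `tools/call` are the standard MCP methods.

```python
# Toy model of a portal composing MCP servers behind a curated tool set.
# Illustration only, not Cloudflare's implementation.

# Upstream catalogs as each server would report them via MCP `tools/list`
# (server and tool names follow the diagram above).
UPSTREAMS = {
    "server-a": ["search", "summarize"],
    "server-b": ["create_ticket"],
    "server-c": ["query_db"],
}

# Constructed portal policy: the (server, tool) pairs an admin chose to expose.
CURATED = {("server-a", "search"), ("server-b", "create_ticket")}


class ToolNotExposed(Exception):
    """A call named a tool that is outside the curated set."""


def build_routes(upstreams, curated):
    """Return {tool_name: server} for curated tools only (default deny)."""
    routes = {}
    for server, tools in upstreams.items():
        for tool in tools:
            if (server, tool) not in curated:
                continue
            if tool in routes:
                # Two servers exposing one name would make routing ambiguous.
                raise ValueError(f"tool name {tool!r} exposed by two servers")
            routes[tool] = server
    return routes


def handle(request, routes):
    """Answer the two MCP JSON-RPC methods that govern tool access."""
    method = request["method"]
    if method == "tools/list":
        return {"tools": [{"name": name} for name in sorted(routes)]}
    if method == "tools/call":
        name = request["params"]["name"]
        # Enforce at call time as well: hiding a tool from tools/list is not
        # access control if the agent can still name it in tools/call.
        if name not in routes:
            raise ToolNotExposed(name)
        return {"forward_to": routes[name], "params": request["params"]}
    raise ValueError(f"unsupported method {method!r}")
```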

Zero Trust Authentication

Authentication via Cloudflare Access:

  • OIDC, SAML, or social identity providers
  • Device posture checks
  • IP-based or geo-based restrictions
  • Per-portal access policies

No custom auth code needed – agents authenticate via Cloudflare Access before reaching any MCP server.

DLP and Traffic Inspection

Optionally route portal traffic through Cloudflare Gateway for:

  • Data Loss Prevention (DLP) scanning on tool inputs/outputs
  • HTTP logging for rich request-level observability
  • Content inspection and policy enforcement

Observability

Cloudflare Access logs every individual tool call made through the portal:

  • Who (agent identity)
  • What (tool name, server)
  • When (timestamp)
  • Result (success/failure)
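
As an added example (not from this post or from Cloudflare), the review below runs two checks over tool-call records carrying those four attributes: tools used outside an identity's expected set, and bursts of failed calls. The records, the field names and the baseline are constructed for illustration and do not reflect Cloudflare's actual log schema.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records, one JSON object per line. Field names are hypothetical;
# they only mirror the who / what / when / result attributes listed above.
SAMPLE_LOG = """\
{"who": "agent-ci", "server": "server-a", "tool": "search", "when": "2025-01-10T09:00:00+00:00", "result": "success"}
{"who": "agent-ci", "server": "server-b", "tool": "create_ticket", "when": "2025-01-10T09:01:00+00:00", "result": "success"}
{"who": "agent-x", "server": "server-c", "tool": "query_db", "when": "2025-01-10T09:02:00+00:00", "result": "failure"}
{"who": "agent-x", "server": "server-c", "tool": "query_db", "when": "2025-01-10T09:02:30+00:00", "result": "failure"}
{"who": "agent-x", "server": "server-c", "tool": "query_db", "when": "2025-01-10T09:03:10+00:00", "result": "failure"}
{"who": "agent-x", "server": "server-a", "tool": "search", "when": "2025-01-10T09:30:00+00:00", "result": "success"}
"""

# Constructed baseline: the tools each identity is expected to use.
BASELINE = {"agent-ci": {"search", "create_ticket"}, "agent-x": {"search"}}


def parse(log_text):
    """Parse JSON lines into dicts with aware datetimes, sorted by time."""
    records = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    for rec in records:
        rec["when"] = datetime.fromisoformat(rec["when"])
    return sorted(records, key=lambda r: r["when"])


def unexpected_tools(records, baseline):
    """Return sorted (who, tool) pairs that fall outside the identity's baseline."""
    return sorted({(r["who"], r["tool"]) for r in records
                   if r["tool"] not in baseline.get(r["who"], set())})


def failure_bursts(records, threshold=3, window=timedelta(minutes=5)):
    """Return {(who, tool): peak} for time-sorted failures reaching threshold in window."""
    failures = defaultdict(list)
    for r in records:
        if r["result"] == "failure":
            failures[(r["who"], r["tool"])].append(r["when"])
    bursts = {}
    for key, times in failures.items():
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1  # slide the window's left edge forward
            count = end - start + 1
            if count >= threshold:
                bursts[key] = max(bursts.get(key, 0), count)
    return bursts
```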

Remote MCP Server Hosting

Cloudflare Workers can host MCP servers directly, with built-in:

  • OAuth authentication
  • Durable Objects for stateful tools
  • Global edge deployment (low latency worldwide)

Code Mode

A unique Cloudflare innovation: instead of exposing hundreds of tools individually, Code Mode provides two tools (search() and execute()) that let the model write code against a typed SDK. This reduces context window usage from thousands of tokens to ~1,000 tokens while giving access to the full API surface.


Architecture

AI Agent
    |
    v (MCP protocol over HTTPS)
+------------------------------------------+
| Cloudflare Edge Network                  |
|                                          |
|  [Cloudflare Access]                     |
|    Identity verification, device posture |
|       |                                  |
|  [MCP Server Portal]                     |
|    Tool selection, composition           |
|       |                                  |
|  [Cloudflare Gateway] (optional)         |
|    DLP scanning, HTTP logging            |
|       |                                  |
|  Route to MCP Server(s)                  |
|    (Workers-hosted or external)          |
+------------------------------------------+
    |
    v
MCP Servers (on Workers, or external via proxy)

Self-Hosting

Not available. MCP Server Portals are SaaS-only on Cloudflare’s network. The MCP servers themselves can be hosted anywhere (Cloudflare routes to them), but the gateway/portal layer runs on Cloudflare.

For organizations with strict data sovereignty requirements, this means tool call metadata (who called what) is logged in Cloudflare’s infrastructure. The actual tool payloads can stay in your network if your MCP servers are self-hosted.


Pricing

MCP Server Portals are part of Cloudflare One (Zero Trust platform):

| Tier | Cost | MCP Features |
|---|---|---|
| Free | $0 (up to 50 users) | Basic Access policies, limited logging |
| Teams | $7/user/month | Full Access + Gateway, DLP |
| Enterprise | Custom | Advanced DLP, dedicated support, custom policies |

The MCP portal functionality itself has no additional per-request fee. You pay for Cloudflare One based on user count.


Limitations

  • No self-hosting – portal layer is SaaS-only
  • No REST to MCP auto-generation – you bring your own MCP servers
  • No approval workflows – can’t require human approval for high-risk tool calls
  • No token-based rate limiting – request-based only
  • Tied to Cloudflare ecosystem – requires Cloudflare Access/One, not a standalone product

When to Use

Strong fit:

  • Already on Cloudflare One / Zero Trust for employee access
  • Want fastest time-to-deploy for MCP gateway (minutes, not days)
  • Need to compose multiple MCP servers into curated portals for different teams
  • Hosting MCP servers on Cloudflare Workers

Weak fit:

  • Need self-hosted MCP gateway (use Kong)
  • Need REST to MCP auto-generation (use Kong)
  • Not on Cloudflare and don’t want to adopt their platform
  • Need approval workflows for high-risk tool operations

This post is licensed under CC BY 4.0 by the author.