Protects an MCP endpoint by validating incoming JSON-RPC requests and restricting the MCP methods and tools that clients may use.
Only HTTP POST requests with an application/json content type are accepted. JSON-RPC batch requests are rejected.
initialize and ping are always allowed. tools/list, tools/call, and notifications are enabled by default and can be disabled under methods. Every other method is rejected.
Tool rules are evaluated in declaration order and the first matching rule wins. If no rule matches, the tool is allowed. Consequently, all tools are allowed when tools is omitted. Add a final deny: ".*" rule to change this into an allowlist.
Denied tools are also removed from tools/list responses so clients do not discover tools they are not allowed to call.
Example Configuration
- mcpProtection:
methods:
toolsList: true
toolsCall: true
notifications: true
tools:
- allow: "listProxies"
- allow: "getStatistics"
- allow: "getExchanges"
- deny: ".*" # tool names also support regular expressions
- mcpProtection:
methods:
toolsList: true
toolsCall: true
notifications: true
tools:
- allow: "listProxies"
- allow: "getStatistics"
- allow: "getExchanges"
- deny: ".*" # tool names also support regular expressions
Syntax
mcpProtection:
'$ref': <string>
methods: {}
tools:
- <tools>
mcpProtection:
'$ref': <string>
methods: {}
tools:
- <tools>
Attributes
| Name | Required | Default | Description | Examples |
|---|---|---|---|---|
| $ref | false | - | Reference a component defined under components. | - |
Child Structure
| Element | Cardinality | Description |
|---|---|---|
| methods | 0..1 | Configures the optional MCP method groups. initialize and ping cannot be disabled by this interceptor. |
| tools | 0..* | Configures ordered allow and deny rules for tool names used by tools/call and advertised by tools/list. Rules support regular expressions. The first matching rule wins; tools unmatched by any rule are allowed. |