diff --git a/wiki/MCP-Setup.md b/wiki/MCP-Setup.md index 2ff069ea..40b1e9d7 100644 --- a/wiki/MCP-Setup.md +++ b/wiki/MCP-Setup.md @@ -6,6 +6,8 @@ This page explains how to connect an AI assistant to your TREK instance. TREK su ![MCP Setup](assets/MCPConfig.png) +> **Cloudflare users:** If your TREK instance is proxied through Cloudflare, Bot Fight Mode and Super Bot Fight Mode will block MCP requests from ChatGPT. Claude.ai is not affected. See [Troubleshooting → MCP requests blocked by Cloudflare WAF](#mcp-requests-blocked-by-cloudflare-waf-bot-fight-mode) for the fix. + ## Option A: OAuth 2.1 (recommended) OAuth 2.1 is the preferred connection method. You grant specific scopes during the consent step and no token management is required afterward — TREK issues short-lived access tokens and automatically rotates refresh tokens. diff --git a/wiki/Troubleshooting.md b/wiki/Troubleshooting.md index aae97181..7b7a6d03 100644 --- a/wiki/Troubleshooting.md +++ b/wiki/Troubleshooting.md @@ -251,3 +251,55 @@ environment: - MCP_RATE_LIMIT=600 # requests per minute per user (default: 300) - MCP_MAX_SESSION_PER_USER=50 # concurrent sessions per user (default: 20) ``` + +--- + +## MCP requests blocked by Cloudflare WAF (Bot Fight Mode) + +**Cause:** When TREK is proxied through Cloudflare, **Bot Fight Mode** and **Super Bot Fight Mode** classify requests from ChatGPT as bots and block them at the WAF level — before the request ever reaches TREK. This is specific to ChatGPT; Claude.ai is not affected. ChatGPT's exit node IPs have low reputation scores in Cloudflare's threat intelligence and the User-Agent matches Cloudflare's automated-traffic heuristics. TREK itself never receives the request, so there is nothing in TREK's logs; the block is silent from TREK's perspective. + +Symptoms: +- ChatGPT shows a connection error or times out immediately after OAuth completes. +- Cloudflare's Security → Events log shows blocked requests to `/mcp` with action `block` and source `bfm` (Bot Fight Mode) or `managed_rule`. + +**Fix — Option 1: Disable Bot Fight Mode (free plan and paid plan)** + +In the Cloudflare dashboard for your zone: **Security → Bots → Bot Fight Mode → Off** (or Super Bot Fight Mode → Off). + +This is the only option available on the **free plan**. It disables bot blocking for the entire zone — all probe bots, scrapers, and crawlers that Cloudflare would otherwise block will reach your server. Only use this if you have no alternative. + +**Fix — Option 2: WAF skip rule for MCP paths (paid plan only)** + +> WAF custom rules require a **paid Cloudflare plan** (Pro or above). This option is not available on the free plan. + +Create a WAF skip rule that bypasses bot management only for the MCP and OAuth paths, leaving protection in place for the rest of the site: + +1. Go to **Security → WAF → Custom rules** and click **Create rule**. +2. Enter the following expression (replace `trek.example.com` with your domain): + + ``` + (http.host eq "trek.example.com") and ( + http.request.uri.path eq "/mcp" or + http.request.uri.path starts_with "/oauth/" or + http.request.uri.path starts_with "/.well-known/" + ) + ``` + + This covers all paths that ChatGPT's servers hit during discovery, OAuth, and MCP calls: + + | Path | Purpose | + |---|---| + | `/mcp` | MCP endpoint (GET, POST, DELETE) | + | `/oauth/authorize` | OAuth authorization handler | + | `/oauth/register` | Dynamic client registration | + | `/oauth/token` | Token issuance | + | `/oauth/userinfo` | User info (for domain claiming) | + | `/oauth/revoke` | Token revocation | + | `/.well-known/oauth-authorization-server` | RFC 8414 AS metadata | + | `/.well-known/oauth-protected-resource` | RFC 9728 flat resource metadata | + | `/.well-known/openid-configuration` | OIDC discovery | + +3. Set the action to **Skip** and check **Bot Fight Mode** (and/or **Super Bot Fight Mode**) under the skip options. +4. Save and deploy. + +This allows MCP and OAuth traffic through while keeping Cloudflare bot protection active for all other paths.