docs: document ChatGPT MCP + Cloudflare Bot Fight Mode issue

jubnl
2026-05-05 15:37:59 +02:00
parent 55ef0f3ca9
commit a1f4643b90
2 changed files with 41 additions and 0 deletions
+10
@@ -41,6 +41,16 @@ Claude Desktop connects via `mcp-remote`. After creating an OAuth client using t
When the client starts it opens your browser to the TREK consent screen to complete the OAuth flow. When the client starts it opens your browser to the TREK consent screen to complete the OAuth flow.
### ChatGPT
ChatGPT's custom MCP connector supports Dynamic Client Registration (DCR) — no pre-created client is required:
1. In ChatGPT, open **Settings → Connected Apps → Add a custom app**.
2. Set the **MCP Server URL** to `https://<your-trek-instance>/mcp`.
3. ChatGPT will automatically discover TREK's OAuth metadata, register itself, and redirect you to the TREK consent screen to approve access.
> **Cloudflare users:** If your TREK instance is behind Cloudflare and you are on the **free plan**, you must disable **Bot Fight Mode** (`Security → Bots → Bot Fight Mode → Off`). ChatGPT's backend uses a Python HTTP client (`aiohttp`) whose TLS fingerprint is classified as a bot by Cloudflare. Because the free plan does not support path-based bot exceptions, the feature must be disabled globally. On **Pro and above**, create a WAF custom rule (position #1) that skips Bot Fight Mode for paths `/oauth/*`, `/.well-known/*`, and `/mcp`.
### Cursor, VS Code, Windsurf, and Zed ### Cursor, VS Code, Windsurf, and Zed
Clients that support `mcp-remote` can connect in one of two ways. Clients that support `mcp-remote` can connect in one of two ways.
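Review bot: The Cloudflare callout under `### ChatGPT` tells free-plan users they "must disable **Bot Fight Mode**" globally without the trade-off sentence that the troubleshooting entry in this same commit carries ("Bot Fight Mode is not a substitute for application-level auth"). Suggest either repeating that sentence here or replacing the callout body with a one-line pointer to the troubleshooting entry, so the two copies of the instructions cannot drift apart. The Pro guidance also names the feature differently in the two files: here the rule "skips Bot Fight Mode", while the troubleshooting heading says "Super Bot Fight Mode"; use one term in both places.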
+31
@@ -240,6 +240,37 @@ Restart the container after adding the variable. Once set, clicking **Connect**
--- ---
## ChatGPT MCP connector: "Dynamic client registration failed" / 403
**Cause:** ChatGPT's MCP backend runs on OpenAI's datacenter IPs and uses a Python HTTP client (`aiohttp`). Cloudflare's **Bot Fight Mode** identifies the TLS fingerprint of this client as bot traffic and blocks the request at the edge — before it ever reaches your server. Because the request is dropped by Cloudflare, nothing appears in TREK's logs.
This affects the OAuth Dynamic Client Registration (`/oauth/register`), the `/mcp` endpoint, and the OAuth metadata endpoints (`/.well-known/*`).
**Fix — Cloudflare free plan:**
Disable Bot Fight Mode entirely:
**Security → Bots → Bot Fight Mode → Off**
The free plan does not support path-based exceptions, so the feature must be turned off globally. Your TREK data remains protected by its own authentication — Bot Fight Mode is not a substitute for application-level auth.
**Fix — Cloudflare Pro and above (Super Bot Fight Mode):**
Create a WAF custom rule at **position #1** (rules fire in order — it must be first):
```
Expression:
(http.request.uri.path contains "/oauth/") or
(http.request.uri.path contains "/.well-known/") or
(http.request.uri.path eq "/mcp")
Action: Skip → All remaining custom rules + Bot Fight Mode
```
Ensure the **"Bot Fight Mode"** checkbox in the Skip action is checked, not just "All remaining custom rules."
---
## MCP integration: "Too many requests" or "Session limit reached" ## MCP integration: "Too many requests" or "Session limit reached"
**Cause:** Each user is limited to 300 MCP requests per minute and 20 concurrent sessions by default. Exceeding either limit returns a `429` response. **Cause:** Each user is limited to 300 MCP requests per minute and 20 concurrent sessions by default. Exceeding either limit returns a `429` response.
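Review bot: In the WAF expression, `http.request.uri.path contains "/oauth/"` and `http.request.uri.path contains "/.well-known/"` match those substrings anywhere in the path, so the skip covers more than the three endpoints listed in the Cause paragraph. Suggest anchoring both as prefixes, for example `starts_with(http.request.uri.path, "/oauth/")`, and adding a sentence that the rule exempts every client requesting these paths from bot checks, not only ChatGPT, so readers understand what they are opening up. The heading for this fix says "Super Bot Fight Mode" while the Skip action line and the checkbox sentence say "Bot Fight Mode"; name the feature consistently so the reader knows which checkbox to look for.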