LibreChat

MCP Settings Object Structure

Overview

The mcpSettings configuration provides global settings for MCP (Model Context Protocol) server security and behavior. This configuration is separate from mcpServers and controls which domains and IP addresses MCP server connections are allowed to reach.

Example

# Example MCP Settings Configuration
mcpSettings:
  allowedDomains:
    - "example.com"                      # Specific domain
    - "*.example.com"                    # All subdomains using wildcard
    - "mcp-server"                       # Local Docker domain
    - "172.24.1.165"                     # Internal network IP
    - "https://api.example.com:8443"     # With protocol and port

Configuration

Subkeys

| Key | Type | Description | Example |
| --- | --- | --- | --- |
| allowedDomains | Array of Strings | A list specifying allowed domains for MCP server connections. | When configured, only listed domains are allowed. When not configured, SSRF targets are blocked but all other domains are allowed. |

Security Context (SSRF Protection)

LibreChat includes SSRF (Server-Side Request Forgery) protection with the following behavior:

When allowedDomains is NOT configured:

  • SSRF-prone targets are blocked by default
  • All other external domains are allowed

When allowedDomains IS configured:

  • Only domains on the list are allowed
  • Internal/SSRF targets can be allowed by explicitly adding them to the list

Blocked SSRF targets include:

  • Localhost addresses (localhost, 127.0.0.1, ::1)
  • Private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
  • Link-local addresses (169.254.0.0/16, includes cloud metadata IPs)
  • Internal TLDs (.internal, .local, .localhost)
  • Common internal service names (redis, mongodb, postgres, api, rag_api, etc.)

If your MCP servers need to connect to internal services or Docker containers, you must explicitly add them to allowedDomains.

Pattern Formats

The allowedDomains array supports several pattern formats:

  1. Exact Domain Match

    allowedDomains:
      - "example.com"

    Only allows connections to exactly example.com (any protocol/port)

  2. Wildcard Subdomain Match

    allowedDomains:
      - "*.example.com"

    Allows connections to all subdomains of example.com (e.g., api.example.com, mcp.example.com)

  3. Specific IP Address

    allowedDomains:
      - "192.168.1.100"
      - "172.24.1.165"

    Allows connections to specific IP addresses

  4. Local Docker Domains

    allowedDomains:
      - "mcp-server"
      - "host.docker.internal"

    Allows connections to Docker container names or special Docker domains

  5. With Protocol and Port

    allowedDomains:
      - "https://api.example.com:8443"
      - "http://internal-mcp:3000"

    Restricts connections to specific protocol and port combinations
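The default blocking and the pattern formats above can be checked against a planned MCP server URL before deployment. The following is an added example, not LibreChat's own code, and LibreChat's actual matching may differ: the function names are hypothetical, and it assumes a wildcard entry matches subdomains only, an entry without a scheme or port matches any, and an empty list behaves as unset.

```javascript
// Added sketch of the documented rules; not LibreChat's source code.
const INTERNAL_TLDS = ['.internal', '.local', '.localhost'];
// Only the service names the page lists (its "etc." is not expanded here).
const SERVICE_NAMES = ['redis', 'mongodb', 'postgres', 'api', 'rag_api'];

// True when the host is in a category the page lists as blocked by default.
function isSsrfTarget(host) {
  if (host === 'localhost' || host === '::1') return true;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (m) {
    const [a, b] = [Number(m[1]), Number(m[2])];
    return a === 127 || a === 10 ||        // loopback (whole /8 assumed), 10.0.0.0/8
      (a === 172 && b >= 16 && b <= 31) || // 172.16.0.0/12
      (a === 192 && b === 168) ||          // 192.168.0.0/16
      (a === 169 && b === 254);            // link-local, includes cloud metadata IPs
  }
  return INTERNAL_TLDS.some((t) => host.endsWith(t)) || SERVICE_NAMES.includes(host);
}

// Split an allowedDomains entry into optional scheme, host and optional port.
function parsePattern(entry) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^:\/]+)(?::(\d+))?\/?$/i.exec(entry);
  if (!m) throw new Error(`Unparseable allowedDomains entry: ${entry}`);
  return { scheme: m[1]?.toLowerCase(), host: m[2].toLowerCase(), port: m[3] };
}

// Hostname without IPv6 brackets, lower-cased.
const hostOf = (url) => url.hostname.replace(/^\[|\]$/g, '').toLowerCase();

// Compare a parsed URL with one allowedDomains entry.
function matchesEntry(url, entry) {
  const p = parsePattern(entry);
  const scheme = url.protocol.slice(0, -1);
  const port = url.port || (/^(https|wss)$/.test(scheme) ? '443' : '80');
  const hostOk = p.host.startsWith('*.')
    ? hostOf(url).endsWith(p.host.slice(1)) // assumption: subdomains only, not the apex
    : hostOf(url) === p.host;
  return hostOk && (!p.scheme || p.scheme === scheme) && (!p.port || p.port === port);
}

// Decide whether an MCP server URL would be permitted under the documented rules.
function isMcpUrlAllowed(serverUrl, allowedDomains) {
  const url = new URL(serverUrl);
  if (Array.isArray(allowedDomains) && allowedDomains.length > 0) {
    return allowedDomains.some((entry) => matchesEntry(url, entry)); // list is exclusive
  }
  return !isSsrfTarget(hostOf(url)); // not configured: block only SSRF-prone targets
}
```

The check works on the URL's hostname string only and performs no DNS resolution, so it says nothing about where a permitted name actually resolves.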

Error Messages

You may see errors like:

  error: [MCPServersRegistry] Failed to inspect server "my-mcp": Domain "http://172.24.1.165:8000" is not allowed
  error: [MCP][my-mcp] Failed to initialize: Domain "http://172.24.1.165:8000" is not allowed

These errors likely indicate that the MCP server's domain needs to be added to allowedDomains:

mcpSettings:
  allowedDomains:
    - "172.24.1.165"    # Add the IP address or domain
