# MCP Settings Object Structure (/docs/configuration/librechat_yaml/object_structure/mcp_settings)

## Overview

The `mcpSettings` configuration provides global settings for MCP (Model Context Protocol) server security and behavior. This configuration is separate from `mcpServers` and controls which domains and IP addresses are allowed for MCP server connections.

## Example

```yaml filename="MCP Settings Object Structure"
# Example MCP Settings Configuration
mcpSettings:
  allowedDomains:
    - "example.com"                      # Specific domain
    - "*.example.com"                    # All subdomains using wildcard
    - "mcp-server"                       # Local Docker domain
    - "172.24.1.165"                     # Internal network IP
    - "https://api.example.com:8443"     # With protocol and port
```

## Configuration

### Subkeys

<OptionTable
  options={[
    ['allowedDomains', 'Array of Strings', 'A list specifying allowed domains for MCP server connections.', 'When configured, only listed domains are allowed. When not configured, SSRF targets are blocked but all other domains are allowed.'],
  ]}
/>

### Security Context (SSRF Protection)

LibreChat includes SSRF (Server-Side Request Forgery) protection with the following behavior:

**When `allowedDomains` is NOT configured:**
- SSRF-prone targets are **blocked by default**
- All other external domains are **allowed**

**When `allowedDomains` IS configured:**
- **Only** domains on the list are allowed
- Internal/SSRF targets can be allowed by explicitly adding them to the list

**Blocked SSRF targets include:**
- **Localhost** addresses (`localhost`, `127.0.0.1`, `::1`)
- **Private IP ranges** (`10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`)
- **Link-local addresses** (`169.254.0.0/16`, includes cloud metadata IPs)
- **Internal TLDs** (`.internal`, `.local`, `.localhost`)
- **Common internal service names** (`redis`, `mongodb`, `postgres`, `api`, `rag_api`, etc.)

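If your MCP servers need to connect to internal services or Docker containers, you **must explicitly add them** to `allowedDomains`. Once `allowedDomains` is configured, only the listed domains are allowed, so any external MCP servers you use must be listed as well.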

### Pattern Formats

The `allowedDomains` array supports several pattern formats:

1. **Exact Domain Match**
   ```yaml
   allowedDomains:
     - "example.com"
   ```
   Only allows connections to exactly `example.com` (any protocol/port)

2. **Wildcard Subdomain Match**
   ```yaml
   allowedDomains:
     - "*.example.com"
   ```
   Allows connections to all subdomains of `example.com` (e.g., `api.example.com`, `mcp.example.com`)

3. **Specific IP Address**
   ```yaml
   allowedDomains:
     - "192.168.1.100"
     - "172.24.1.165"
   ```
   Allows connections to specific IP addresses

4. **Local Docker Domains**
   ```yaml
   allowedDomains:
     - "mcp-server"
     - "host.docker.internal"
   ```
   Allows connections to Docker container names or special Docker domains

5. **With Protocol and Port**
   ```yaml
   allowedDomains:
     - "https://api.example.com:8443"
     - "http://internal-mcp:3000"
   ```
   Restricts connections to specific protocol and port combinations

### Error Messages

If you see errors like:
```text
  error: [MCPServersRegistry] Failed to inspect server "my-mcp": Domain "http://172.24.1.165:8000" is not allowed
  error: [MCP][my-mcp] Failed to initialize: Domain "http://172.24.1.165:8000" is not allowed
```

This likely indicates that the MCP server's domain needs to be added to `allowedDomains`:

```yaml
mcpSettings:
  allowedDomains:
    - "172.24.1.165"    # Add the IP address or domain
```
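
To check a set of MCP server URLs against an `allowedDomains` list before deploying, the documented rules can be approximated in a small script. This is an added example, not LibreChat's own code: the function names are hypothetical, and the handling of the apex domain for wildcards, of an empty list, and of service names beyond those listed above are assumptions.

```javascript
// Added example: approximates the rules documented above; not LibreChat's code.
const LOCALHOST = ['localhost', '127.0.0.1', '::1'];
const INTERNAL_TLDS = ['.internal', '.local', '.localhost'];
// The page's list of service names ends in "etc."; only the named ones are here.
const INTERNAL_NAMES = ['redis', 'mongodb', 'postgres', 'api', 'rag_api'];

// True for the SSRF-prone targets the page says are blocked by default.
function isSsrfTarget(host) {
  if (LOCALHOST.includes(host) || INTERNAL_NAMES.includes(host)) return true;
  if (INTERNAL_TLDS.some((tld) => host.endsWith(tld))) return true;
  const m = host.match(/^(\d+)\.(\d+)\.\d+\.\d+$/);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) || (a === 169 && b === 254);
}

// Split an allowedDomains entry into optional protocol, host, optional port.
function parseEntry(entry) {
  const m = entry.toLowerCase().match(/^(?:(https?):\/\/)?([^/:]+)(?::(\d+))?$/);
  return m && { protocol: m[1], host: m[2], port: m[3] };
}

// Does one allowedDomains entry permit this URL?
function entryMatches(entry, url, host) {
  const spec = parseEntry(entry);
  if (!spec) return false;
  const port = url.port || (url.protocol === 'https:' ? '443' : '80');
  if (spec.protocol && `${spec.protocol}:` !== url.protocol) return false;
  if (spec.port && spec.port !== port) return false;
  // Assumption: "*.example.com" covers subdomains only, not the apex domain.
  return spec.host.startsWith('*.')
    ? host.endsWith(spec.host.slice(1))
    : host === spec.host;
}

// Returns true if serverUrl would be accepted under the documented behaviour.
function checkMcpUrl(serverUrl, allowedDomains) {
  const url = new URL(serverUrl);
  const host = url.hostname.replace(/^\[|\]$/g, ''); // unwrap IPv6 literals
  // Assumption: a missing or empty list counts as "not configured".
  if (!Array.isArray(allowedDomains) || allowedDomains.length === 0) {
    return !isSsrfTarget(host);
  }
  return allowedDomains.some((entry) => entryMatches(entry, url, host));
}
```

For the error shown above, `checkMcpUrl('http://172.24.1.165:8000')` returns `false` and `checkMcpUrl('http://172.24.1.165:8000', ['172.24.1.165'])` returns `true`.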

## References

- [MCP Servers Configuration](/docs/configuration/librechat_yaml/object_structure/mcp_servers)
- [MCP Features](/docs/features/mcp)
- [Actions allowedDomains](/docs/configuration/librechat_yaml/object_structure/actions#alloweddomains) (similar concept for Actions)
