Protected stores
AI clients make automated HTTP requests to your store's MCP and OAuth endpoints. Protection layers such as Cloudflare, other CDN/WAF services, or HTTP basic authentication can block these requests, preventing the client from connecting.
This guide covers how to configure your protection layer to allow AI client connections while keeping the rest of your store protected.
Required endpoints
Regardless of the protection type, the following endpoints must be accessible to AI clients:
| Path | Purpose |
|---|---|
| /mcp/* | MCP server and OAuth endpoints |
| /.well-known/oauth-authorization-server | OAuth server discovery |
| /.well-known/oauth-protected-resource | Protected resource metadata |
These endpoints are protected by OAuth 2.1 authentication. Allowing them through your firewall or CDN does not bypass security — every MCP request still requires a valid OAuth access token.
Cloudflare
Cloudflare's bot protection features (Bot Fight Mode, Super Bot Fight Mode, WAF managed rules) are the most common cause of connection failures. Even when not using explicit IP or path-based rules, Cloudflare can intercept automated requests and serve an HTML challenge page instead of the expected JSON response.
Symptoms:
- `RFC 7951 ERROR Not supported` when creating the app
- `Error fetching OAuth configuration — MCP server does not implement OAuth`
- The AI client fails to connect, but the same URLs work fine in a browser
Cloudflare's challenge pages are transparent to browsers — your browser executes the JavaScript challenge automatically and you see the real content. AI clients cannot execute JavaScript challenges, so they receive an HTML page instead of JSON and fail.
Step-by-step: Create a WAF exception rule
- Log in to Cloudflare Dashboard and select your domain.
- Go to Security -> WAF -> Custom rules.
- Click Create rule.
- Configure the rule:
  - Rule name: Allow MCP connections
  - If incoming requests match: select Edit expression and paste:
    `(http.request.uri.path contains "/mcp/") or (http.request.uri.path contains "/.well-known/")`
  - Then: select Skip and check all remaining rule types (Rate Limiting rules, Managed rules, etc.)
- Click Deploy.
Disable Bot Fight Mode for MCP paths (if enabled)
If you have Bot Fight Mode or Super Bot Fight Mode enabled, WAF exception rules alone may not be sufficient — Bot Fight Mode operates independently of WAF custom rules.
To check and adjust:
- Go to Security -> Bots.
- If Bot Fight Mode is enabled and you cannot disable it globally, create a WAF custom rule with the same expression as above but set the action to Skip with Bot Fight Mode checked.
Super Bot Fight Mode skip rules are available on Business and Enterprise Cloudflare plans. On the Free and Pro plans, if Bot Fight Mode is causing issues, you may need to disable it entirely or use a Page Rule / Configuration Rule to disable security for the MCP paths.
Verify the configuration
After creating the rule, verify that the endpoints return JSON responses.
Important: Run these tests from an external machine (e.g., your local computer), not from the server itself. Requests made from the server bypass Cloudflare entirely and will always succeed, giving a false positive.
Use the User-Agent string of the AI client you are connecting — a regular curl request uses a browser-like user-agent that Cloudflare may let through even when bot requests are still blocked.
ChatGPT:

```bash
curl -s -o /dev/null -w "%{http_code}" \
  -A "Python/3.12 aiohttp/3.13.3" \
  https://your-store.com/.well-known/oauth-authorization-server
```

Claude Desktop / Claude Web:

```bash
curl -s -o /dev/null -w "%{http_code}" \
  -A "Claude-User" \
  https://your-store.com/.well-known/oauth-authorization-server
```

Claude Code:

```bash
curl -s -o /dev/null -w "%{http_code}" \
  -A "claude-code/2.1.45 (cli)" \
  https://your-store.com/.well-known/oauth-authorization-server
```

OpenAI Codex:

```bash
curl -s -o /dev/null -w "%{http_code}" \
  -A "Bun/1.3.10" \
  https://your-store.com/.well-known/oauth-authorization-server
```

Gemini CLI:

```bash
curl -s -o /dev/null -w "%{http_code}" \
  -A "node" \
  https://your-store.com/.well-known/oauth-authorization-server
```
User-agent strings may change between client versions. If the examples above don't reproduce the issue, check your web server access logs for the actual user-agent sent by the AI client.
A 200 response confirms the endpoints are accessible for that client. If you get 403 or 503, the rule is not working yet — check Security -> Events in Cloudflare, filtered by path /.well-known/, to see if requests are still being challenged.
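The status code alone does not say why a request failed. As an added example (not part of this guide), the Python classifier below sorts a response from the discovery endpoint into the failure modes described above; the sample responses are constructed, and the `cf-mitigated: challenge` header Cloudflare attaches to challenge responses is one of the signals it uses.

```python
"""Tell a working OAuth discovery response apart from the failure modes this
guide describes: Cloudflare challenge page, HTTP basic auth, plain WAF block.
Added example; the SAMPLES below are constructed, not captured traffic."""
import json

# Keys an OAuth authorization server metadata document must carry
REQUIRED_METADATA_KEYS = {"issuer", "authorization_endpoint", "token_endpoint"}


def classify(status, headers, body):
    """Classify one HTTP response to /.well-known/oauth-authorization-server."""
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").lower()
    # A challenge page is HTML (usually 403/503) where JSON was expected;
    # browsers solve it silently, AI clients cannot.
    if h.get("cf-mitigated") == "challenge" or (
            status in (403, 503) and "text/html" in ctype):
        return "cloudflare_challenge"
    # .htpasswd protection answers 401 and asks for Basic credentials
    if status == 401 and h.get("www-authenticate", "").lower().startswith("basic"):
        return "basic_auth"
    if status in (401, 403, 503):
        return "blocked"
    if "application/json" not in ctype:
        return "not_json"
    try:
        doc = json.loads(body)
    except ValueError:
        return "not_json"
    if not isinstance(doc, dict) or REQUIRED_METADATA_KEYS - set(doc):
        return "incomplete_metadata"
    return "ok"


# Constructed responses (placeholder host, not a real store)
SAMPLES = {
    "working": (200, {"Content-Type": "application/json"}, json.dumps({
        "issuer": "https://your-store.com",
        "authorization_endpoint": "https://your-store.com/mcp/authorize",
        "token_endpoint": "https://your-store.com/mcp/token"})),
    "challenge": (403, {"Content-Type": "text/html; charset=UTF-8",
                        "cf-mitigated": "challenge"},
                  "<!DOCTYPE html><title>Just a moment...</title>"),
    "htpasswd": (401, {"WWW-Authenticate": 'Basic realm="Restricted"',
                       "Content-Type": "text/html"}, "Unauthorized"),
    "waf": (403, {"Content-Type": "application/json"}, '{"error":"blocked"}'),
}


def check_all(samples=SAMPLES):
    """Map each sample name to its classification."""
    return {name: classify(*resp) for name, resp in samples.items()}
```

To use it against a live store, feed `classify()` the status, headers and body from a request sent with the client's User-Agent string as shown above.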
Other CDN / WAF services
If you use a different CDN or WAF provider (Sucuri, Akamai, AWS WAF, Fastly, etc.), the principle is the same: create a rule that allows automated requests to the paths listed in the Required endpoints section above.
Refer to your provider's documentation for creating path-based exception rules.
HTTP basic authentication
If your store is protected with HTTP basic authentication (.htpasswd), AI clients will not be able to connect because they cannot send HTTP basic auth credentials alongside OAuth tokens.
There are two approaches to solve this.
Solution 1: Exclude MCP endpoints from HTTP basic auth
Exclude the MCP and OAuth endpoints from HTTP basic auth in your web server configuration.
Apache (.htaccess)
Add the following rule to your .htaccess file, before the AuthType directive:
```apache
# Mark MCP and OAuth discovery requests so they can skip basic auth
SetEnvIf Request_URI "^/(mcp/|\.well-known/oauth)" noauth
AuthType Basic
AuthName "Restricted"
AuthUserFile /path/to/.htpasswd
Require valid-user
# Satisfy/Order/Allow are Apache 2.2-style directives; Apache 2.4 accepts them
# only with mod_access_compat loaded. The 2.4-native form replaces the three
# lines below with: <RequireAny> Require valid-user / Require env noauth </RequireAny>
Satisfy any
Order allow,deny
Allow from env=noauth
```
Nginx
Add a location block that disables basic auth for MCP endpoints:
```nginx
location ~ ^/(mcp/|\.well-known/oauth) {
    auth_basic off;
    # Your existing fastcgi/proxy configuration
    fastcgi_pass unix:/var/run/php-fpm.sock;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root/index.php;
}
```
Place this block before the general location block that enables basic auth.
Solution 2: Allowlist AI provider IP addresses
If excluding endpoints is not possible, you can allowlist the IP addresses used by AI providers to bypass HTTP basic auth for those IPs only. All other visitors will still be required to authenticate.
Which IPs to allowlist depends on the type of AI client:
- Cloud-based clients (Claude Desktop/Web, ChatGPT) — MCP tool calls are routed through the provider's cloud infrastructure. You need to allowlist the provider's IP ranges listed below.
- CLI tools (Claude Code, Gemini CLI, OpenAI Codex) — these run on the user's machine and make MCP calls directly. The requests come from the user's own IP address, not the provider's cloud. Allowlist the IP of the machine running the CLI tool.
Anthropic (Claude Desktop / Claude Web)
Anthropic publishes fixed outbound IP addresses used when making MCP tool calls to external servers:
IPv4: 160.79.104.0/21
Source: Anthropic IP addresses documentation
OpenAI (ChatGPT)
OpenAI publishes egress IP ranges in a JSON file that is updated periodically:
URL: https://openai.com/chatgpt-actions.json
The file contains ~128 CIDR blocks. Because the list changes over time, use the JSON file as the source of truth rather than hardcoding specific ranges.
Source: OpenAI Actions production notes
Apache (.htaccess) example
```apache
# Allowlist Anthropic (Claude Desktop/Web): 160.79.104.0/21 = 160.79.104.x .. 160.79.111.x
# X-Forwarded-For is only trustworthy when your own CDN/proxy sets it; a client
# connecting directly can forge the header, so keep the "Allow from" CIDR below
# for direct connections and match X-Forwarded-For only behind a proxy.
SetEnvIf X-Forwarded-For "160\.79\.10[4-9]\." noauth
SetEnvIf X-Forwarded-For "160\.79\.11[01]\." noauth
AuthType Basic
AuthName "Restricted"
AuthUserFile /path/to/.htpasswd
Require valid-user
Satisfy any
Order allow,deny
Allow from env=noauth
Allow from 160.79.104.0/21
```
Nginx example
```nginx
# Allowlist Anthropic (Claude Desktop/Web)
# If nginx sits behind a CDN or proxy, configure ngx_http_realip_module
# (set_real_ip_from / real_ip_header) so "allow" sees the client IP and
# not the proxy's address.
satisfy any;
allow 160.79.104.0/21;
# Add OpenAI ranges from chatgpt-actions.json as needed
deny all;
auth_basic "Restricted";
auth_basic_user_file /path/to/.htpasswd;
```
IP ranges may change over time. Check the provider documentation periodically:
- Anthropic: platform.claude.com/docs/en/api/ip-addresses
- OpenAI: openai.com/chatgpt-actions.json
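Because the OpenAI list changes, regenerating the allowlist from the JSON file beats hand-copied ranges. The Python helper below is an added example, not from this guide: it reads the file into validated networks, renders nginx `allow` lines in the shape of the example above, and checks an address against the combined Anthropic and OpenAI list. The document shape (a "prefixes" list of objects with ipv4Prefix/ipv6Prefix keys) is an assumption, and the embedded sample uses documentation ranges rather than OpenAI's real list.

```python
"""Build an HTTP-basic-auth allowlist from the Anthropic range on this page
plus OpenAI's chatgpt-actions.json.  Added example, not from the guide.
Assumption: the JSON is an object with a "prefixes" list of objects carrying
"ipv4Prefix"/"ipv6Prefix"; a bare list of CIDR strings is accepted too."""
import ipaddress
import json

ANTHROPIC_RANGES = ["160.79.104.0/21"]  # published range quoted on the page

# Constructed stand-in for https://openai.com/chatgpt-actions.json
# (RFC 5737/3849 documentation ranges, NOT OpenAI's real egress list)
SAMPLE_OPENAI_JSON = json.dumps({"prefixes": [
    {"ipv4Prefix": "198.51.100.0/28"},
    {"ipv4Prefix": "203.0.113.64/27"},
    {"ipv6Prefix": "2001:db8:10::/48"},
]})


def parse_prefixes(text):
    """Return validated ip_network objects; strict=True rejects a CIDR whose
    host bits are set, which would otherwise silently widen the allowlist."""
    doc = json.loads(text)
    entries = doc.get("prefixes", []) if isinstance(doc, dict) else doc
    nets = []
    for entry in entries:
        cidr = (entry.get("ipv4Prefix") or entry.get("ipv6Prefix")
                if isinstance(entry, dict) else entry)
        if cidr:
            nets.append(ipaddress.ip_network(cidr, strict=True))
    return nets


def build_allowlist(openai_json=SAMPLE_OPENAI_JSON):
    """Anthropic ranges (fixed) plus whatever the OpenAI file currently lists."""
    nets = [ipaddress.ip_network(c) for c in ANTHROPIC_RANGES]
    return nets + parse_prefixes(openai_json)


def nginx_allow_block(nets):
    """Render the nginx snippet in the same shape as the example above."""
    lines = ["satisfy any;"] + [f"allow {n};" for n in nets]
    lines += ["deny all;", 'auth_basic "Restricted";',
              "auth_basic_user_file /path/to/.htpasswd;"]
    return "\n".join(lines)


def is_allowlisted(ip, nets):
    """True when ip falls inside any allowlisted network (v4 or v6)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)
```

Run it on a schedule and reload nginx only when the rendered block differs from the deployed one, so a changed list never leaves a provider locked out.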
Even when allowlisting IPs to bypass HTTP basic auth, the MCP endpoint still requires a valid OAuth access token. IP allowlisting only removes the HTTP basic auth layer — OAuth 2.1 authentication remains fully enforced.