Join us in Munich, Germany June 17th for BoxLang and BoxLang AI Training
Register
Ctrlk
DownloadTrySourceSupportAI SDK
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Security & Access Control

Secure your MCP server with auth tokens, per-token tool filters, IP allowlisting, and CORS configuration.

The bx-mcp module provides multiple layers of security to control access to your runtime diagnostics and management tools. These layers can be combined for defense in depth.

πŸ“‹ Security Layers

Layer
Mechanism
Scope

Authentication

Bearer token via authToken

Every request

Authorization

Per-token tool filters with glob patterns and named security profiles

Per-request tool access

Network

IP allowlisting via allowedIPs

Connection-level

CORS

Origin allowlisting via corsAllowedOrigins

Browser-based clients

πŸ”‘ Authentication

Authentication is configured with the authToken setting. It supports three shapes.

Shape 1: Simple String

One token with full access to every registered tool:

{
  "modules": {
    "bxmcp": {
      "settings": {
        "authToken": "my-secret-token"
      }
    }
  }
}

Clients send:

Shape 2: Array of Structs (Inline Tools)

Multiple tokens, each with independent tool-level access control:

Each struct accepts the following fields:

Field
Default
Description

token

(required)

The Bearer token value the client must send

includedTools

["*"]

Tool whitelist β€” exact names or glob patterns

excludedTools

[]

Tools to block even if they match the whitelist

Shape 3: Array of Structs (Profile Reference) β€” Recommended

Reference named profiles from securityProfiles instead of repeating tool lists:

Each struct accepts:

Field
Default
Description

token

(required)

The Bearer token value the client must send

profile

(required)

Name of a profile defined in securityProfiles

When a token uses profile, it inherits all tool rules from the named profile. Inline includedTools/excludedTools on the same token entry are ignored when profile is set. See the Security Profiles section above for how to define profiles.

Filtering Rules (Applied in Order)

  1. If includedTools does not contain "*" and the tool name does not match any pattern β†’ denied

  2. If the tool name matches any pattern in excludedTools β†’ denied

  3. Otherwise β†’ allowed

Glob Pattern Reference

Pattern
Matches

"*"

All tools

"jvm*"

All tools starting with jvm_

"cache_get*"

cache_get_all, cache_get_stats, cache_get_keys, …

"*_health*"

Any tool with _health in its name

"runtime_get_info"

Exact match only

Disabling Authentication

Leave authToken empty ("") or omit it entirely to run in open-access mode. Suitable only for localhost-only deployments already protected by allowedIPs.

πŸ“‹ Security Profiles

The securityProfiles setting provides a recommended way to manage token access β€” define named profiles once in configuration, then reference them from authToken entries via the profile field. This eliminates repetitive tool lists and centralizes access policy.

Built-in Profiles

Two profiles are always available and can be overridden:

Profile
Included Tools
Description

admin

["*"] (all tools)

Unrestricted access to every tool

readonly

["*_get*", "*_has*", "*_search*", "*_read*"]

Read-only observability β€” all get/has/search/read operations

Defining Custom Profiles

Each profile accepts:

Field
Default
Description

includedTools

["*"]

Tool whitelist with glob pattern support

excludedTools

[]

Tool blacklist with glob pattern support

Using Profiles in Auth Tokens

Once profiles are defined, reference them in authToken entries with the profile field:

When a token uses profile, it inherits all tool rules from the named profile. Inline includedTools/excludedTools on the same token entry are ignored when profile is set.

🌐 IP Allowlisting

Control access at the network level with allowedIPs. Supports individual IP addresses and CIDR notation.

Value
Behavior

["127.0.0.1"]

Default β€” localhost only

["192.168.0.0/16"]

Allow entire private subnet

["10.0.0.1", "10.0.0.2"]

Allow specific IPs

[]

Allow all IPs (use with caution)

🌍 CORS Configuration

Configure cross-origin requests for browser-based MCP clients:

Value
Behavior

[]

Default β€” no CORS headers sent

["*"]

Allow all origins

["*.domain.com"]

Allow subdomains via wildcard

πŸ›‘οΈ Tool Blacklisting

Use excludedTools at the global level to hide sensitive operations from all clients:

πŸ” Security Best Practices

Production Deployment Checklist

  • βœ… Set a strong authToken β€” never leave it empty

  • βœ… Use securityProfiles for centralized, maintainable access policies (recommended over inline tool lists)

  • βœ… Restrict allowedIPs to trusted networks

  • βœ… Add sensitive tools to excludedTools

  • βœ… Use per-token access control for multi-tenant scenarios

  • βœ… Enable TLS/HTTPS on your web server for encrypted transport

  • βœ… Review logging_get_info and runtime_get_config β€” these expose system details

Example: Read-Only Monitoring Token (Profile-Based β€” Recommended)

Example: Read-Only Monitoring Token (Inline)

Example: Ops Token Without Destructive Operations (Profile-Based β€” Recommended)

Example: Ops Token Without Destructive Operations (Inline)

πŸ“š Next Steps

PreviousQuick StartNextClient Configuration

Last updated

Was this helpful?