ros/n8n-mcp
1
0
Fork 0
mirror of https://github.com/czlonkowski/n8n-mcp.git synced 2026-03-23 10:53:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: implement security audit fixes - rate limiting and SSRF protection (Issue #265 PR #2)

Browse Source 
This commit implements HIGH-02 (Rate Limiting) and HIGH-03 (SSRF Protection)
from the security audit, protecting against brute force attacks and
Server-Side Request Forgery.

Security Enhancements:
- Rate limiting: 20 attempts per 15 minutes per IP (configurable)
- SSRF protection: Three security modes (strict/moderate/permissive)
- DNS rebinding prevention
- Cloud metadata blocking in all modes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
czlonkowski
2025-10-06 15:40:07 +02:00
parent 9a00a99011
commit 06cbb40213
15 changed files with 1041 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
README.md
View File

@@ -198,10 +198,36 @@ Add to Claude Desktop config:
}
```
>💡 Tip: If youre running n8n locally on the same machine (e.g., via Docker), use http://host.docker.internal:5678 as the N8N_API_URL.
>💡 Tip: If you're running n8n locally on the same machine (e.g., via Docker), use http://host.docker.internal:5678 as the N8N_API_URL.
> **Note**: The n8n API credentials are optional. Without them, you'll have access to all documentation and validation tools. With them, you'll additionally get workflow management capabilities (create, update, execute workflows).
### 🏠 Local n8n Instance Configuration
If you're running n8n locally (e.g., `http://localhost:5678` or Docker), you need to allow localhost webhooks:
```json
{
"mcpServers": {
"n8n-mcp": {
"command": "docker",
"args": [
"run", "-i", "--rm", "--init",
"-e", "MCP_MODE=stdio",
"-e", "LOG_LEVEL=error",
"-e", "DISABLE_CONSOLE_OUTPUT=true",
"-e", "N8N_API_URL=http://host.docker.internal:5678",
"-e", "N8N_API_KEY=your-api-key",
"-e", "WEBHOOK_SECURITY_MODE=moderate",
"ghcr.io/czlonkowski/n8n-mcp:latest"
]
}
}
}
```
> ⚠️ **Important:** Set `WEBHOOK_SECURITY_MODE=moderate` to allow webhooks to your local n8n instance. This is safe for local development while still blocking private networks and cloud metadata.
**Important:** The `-i` flag is required for MCP stdio communication.
> 🔧 If you encounter any issues with Docker, check our [Docker Troubleshooting Guide](./docs/DOCKER_TROUBLESHOOTING.md).