Updated Date: 05/04/2026
MCP Protocol Protection Guide
MCP Protocol Protection enables Web Application Firewall (WAF) inspection and mitigation for traffic using the Model Context Protocol (MCP). The MCP Protection Policy template provides predefined protections tailored specifically for MCP-based agent-to-application communications.
This feature lets security teams apply WAF enforcement to MCP traffic. It includes strict JSON-based request validation aligned with MCP’s JSON-RPC structure. It helps protect against injection attacks, sensitive data exposure, server-side request forgery (SSRF), and token tampering while maintaining expected application performance.
Before you create an MCP Protection policy, make sure the following prerequisites are met:
- MCP traffic is routed through a virtual server. For setup instructions, see the LTM MCP configuration guide.
- Appropriate logging profiles are configured and available.
- SSL/TLS inspection is configured if MCP traffic is encrypted.
- Required WAF provisioning and licensing are enabled.
Note: Apply the MCP Protection policy only to MCP-specific traffic. If the virtual server handles mixed traffic, configure the policy to apply only to MCP endpoints using a local traffic policy (L7 policy) or guided configuration.
The configuration steps for an MCP policy are similar to those for other security policies.
To create an MCP Protection policy
1. On the Main tab, click Security > Application Security > Security Policies.
2. Click Create.
3. In the Policy Name field, type a unique name for the security policy.
4. (Optional) In the Description field, enter a brief description for the policy.
5. For Policy Template, select MCP Protection Policy.
6. For Virtual Server, do one of the following:
   - Select an existing virtual server from the list.
   - Select Configure New Virtual Server to create and associate a new virtual server.
7. For Logging Profiles, select one or more logging profiles as required, for example:
   - Log all requests
   - Log illegal requests
   Logging profiles determine how MCP inspection events are recorded and exported.
8. Click Save.
The system creates the security policy and associates it with the selected virtual server.
MCP Protocol Protection primarily enforces security on request traffic. Response handling depends on the content type of the response.
- For standard MCP HTTP responses (for example, application/json), full WAF enforcement is applied, including response inspection, Data Guard masking, and response attack signature evaluation.
- For streaming responses using Server-Sent Events (SSE) with content type text/event-stream:
  - Response-side inspection is bypassed.
  - Data Guard and response attack signatures are not applied.
  - Response logging is not performed.
This behaviour ensures compatibility with MCP streaming use cases while maintaining protection for request traffic. Note the consequence: any sensitive data an MCP server returns over an SSE stream passes through unmasked and unlogged, so masking for streamed tool results must be handled elsewhere (for example, by the MCP server itself).
The MCP Protection policy enforces strict JSON validation and MCP-specific behaviour. If applied to non-MCP traffic, it may result in unintended policy enforcement.
For virtual servers serving multiple application types, apply the policy only to MCP-specific URLs using:
- Local Traffic Policies (L7 policies), or
- Guided Configuration
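One way to do the scoping with a local traffic policy, given here as an added example that is not part of this page or of F5's own documentation: a tmsh-built L7 policy that enables the MCP Protection policy only for requests under an MCP path prefix and disables ASM for all other requests on the same virtual server. The virtual server name /Common/agent_vs, the ASM policy name /Common/mcp_protection and the /mcp path prefix are assumptions; substitute your own names and the path your MCP server actually exposes.

```tmsh
# Added example, not from the F5 page. Assumed names: virtual server /Common/agent_vs,
# ASM policy /Common/mcp_protection, MCP endpoint path prefix /mcp.
# Run these commands from tmsh on the BIG-IP; each create/modify command is one line.

# 1. Create the local traffic policy as a draft. "controls { asm }" is required for
#    asm actions; "strategy first-match" stops at the first rule whose conditions match,
#    so the ordinal values order the rules: the /mcp rule must come before the catch-all.
create ltm policy Drafts/mcp_only_l7 strategy first-match requires add { http } controls add { asm } rules add { mcp_endpoint { ordinal 1 conditions add { 0 { http-uri path starts-with values { /mcp } } } actions add { 0 { asm enable policy /Common/mcp_protection } } } everything_else { ordinal 2 actions add { 0 { asm disable } } } }

# 2. Publish the draft; only published policies can be attached to a virtual server.
publish ltm policy Drafts/mcp_only_l7

# 3. Before attaching, check whether the virtual server already carries a policy that
#    enables the ASM policy for all requests (the Create wizard associates the ASM
#    policy with the virtual server as a whole) and remove it so the two do not conflict.
list ltm virtual /Common/agent_vs policies

# 4. Attach the scoped policy to the virtual server.
modify ltm virtual /Common/agent_vs policies add { /Common/mcp_only_l7 }

# 5. Verify the published rule set and the attachment.
list ltm policy /Common/mcp_only_l7
list ltm virtual /Common/agent_vs policies
```

The catch-all rule has no conditions, so it matches every request that did not start with /mcp; without it, non-MCP requests would simply fall through with no asm action, which is also safe, but an explicit "asm disable" makes the intent visible in the configuration and in later audits. If the MCP server is reached through more than one path, add a second value to the same starts-with condition rather than a second rule.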
MCP Protocol Protection extends WAF inspection capabilities to MCP-based communications. By using the MCP Protection Policy template, security teams can quickly enable tailored protections for MCP traffic within the standard policy configuration workflow, while accounting for streaming scenarios in which response inspection is not applied.