fix: bind to localhost by default to prevent DNS rebinding attacks

felixweinberger · felixweinberger · commit e8e990987c54 · 2025-06-10T18:16:24.000+01:00
- Change default binding from 0.0.0.0 (all interfaces) to 127.0.0.1 (localhost only)
- Add HOST environment variable to override binding address when needed
- Update console output to show actual binding address
- Document security change in README with warnings about binding to all interfaces

This prevents remote attackers from accessing the MCP Inspector proxy server,
which has the ability to execute local processes. The proxy should only be
accessible from the local machine unless explicitly configured otherwise.
diff --git a/README.md b/README.md
@@ -137,6 +137,16 @@ The inspector supports bearer token authentication for SSE connections. Enter yo
 
 The MCP Inspector includes a proxy server that can run and communicate with local MCP processes. The proxy server should not be exposed to untrusted networks as it has permissions to spawn local processes and can connect to any specified MCP server.
 
+#### Local-only Binding
+
+By default, the MCP Inspector proxy server binds only to `127.0.0.1` (localhost) to prevent network access. This ensures the server is not accessible from other devices on the network. If you need to bind to all interfaces for development purposes, you can override this with the `HOST` environment variable:
+
+```bash
+HOST=0.0.0.0 npm start
+```
+
+**Warning:** Only bind to all interfaces in trusted network environments, as this exposes the proxy server's ability to execute local processes.
+
 ### Configuration
 
 The MCP Inspector supports the following configuration settings. To change them, click on the `Configuration` button in the MCP Inspector UI:
diff --git a/server/src/index.ts b/server/src/index.ts
@@ -415,11 +415,12 @@ app.get("/config", (req, res) => {
   }
 });
 
-const PORT = process.env.PORT || 6277;
+const PORT = parseInt(process.env.PORT || '6277', 10);
+const HOST = process.env.HOST || '127.0.0.1';
 
-const server = app.listen(PORT);
+const server = app.listen(PORT, HOST);
 server.on("listening", () => {
-  console.log(`⚙️ Proxy server listening on port ${PORT}`);
+  console.log(`⚙️ Proxy server listening on ${HOST}:${PORT}`);
 });
 server.on("error", (err) => {
   if (err.message.includes(`EADDRINUSE`)) {
