Is possible to run MCP Gateway as a Proxy Service? (Disabling authentication on MCP Context Forge)

[SirSerch]

Hi,

We currently have multiple MCP servers that use different authorization methods.

In this scenario, we have two MCP servers — let’s call them MCP-A and MCP-B.
Each server uses its own token, which we configure in the headers as X-MCPA and X-MCPB.

In the gateway, I can use Header Passthrough to forward the token (e.g., X-WHATEVER) from the client to the corresponding server.

The issue arises when I try to distribute this setup to all users. Ideally, they should be able to use the MCP Gateway as a proxy, without needing to configure each MCP server individually.

However, when I try to run the Gateway with AUTH_REQUIRED = False and remove BASIC_AUTH_USER and BASIC_AUTH_PASS, nothing changes — the gateway still expects at least one type of authentication.

Is it possible to delegate the security handling to the MCP servers themselves?
I understand this isn’t the most secure setup, but it would only be a temporary solution until we have everything properly configured.

Thanks in advance for your help!

[crivetimihai]

Hi @SirSerch, good point. There are security tradeoffs here and we should document supported proxy-mode boundaries. Could you share deployment topology and auth constraints so I can scope this clearly.

[crivetimihai]

Hi @SirSerch, yes — ContextForge can run as a proxy with authentication delegated to the upstream MCP servers.

Configuration:

AUTH_REQUIRED=false
MCP_REQUIRE_AUTH=false

With both set to false (see config.py:293 and config.py:413-421), the gateway operates in permissive mode:

• MCP endpoints (/servers/{id}/mcp) accept unauthenticated requests
• Unauthenticated users get public-only visibility (tools/servers with visibility: "public")
• The passthrough_headers field on each gateway entry (db.py:4592) forwards your custom auth headers (X-MCPA, X-MCPB) to upstream servers untouched

Setup for your use case:

# .env
AUTH_REQUIRED=false
MCP_REQUIRE_AUTH=false

Then register each gateway with header passthrough:

POST /gateways
{
  "name": "mcp-a",
  "url": "http://mcp-server-a:9000",
  "passthrough_headers": ["X-MCPA"]
}

Important caveats:

• The Admin UI and admin API endpoints still require authentication unless you also set ALLOW_UNAUTHENTICATED_ADMIN=true (config.py:294-297) — not recommended for anything beyond local dev
• If a virtual server has oauth_enabled=true, it still requires auth regardless of the global setting (streamablehttp_transport.py:736-741)
• Make sure your tools/servers are set to visibility: "public" so unauthenticated clients can discover them
• Invalid/malformed Bearer tokens are still rejected with 401 — only the absence of a token is permitted

This is a valid setup for internal/development use. For production, we recommend enabling gateway-level auth to add RBAC, rate-limiting, and audit logging on top of the upstream auth.