I am currently building an MCP server that supports Dynamic Client Registration.
Considering attacks on the OAuth DCR register endpoint, I’m planning to implement not only rate limiting but also IP access control.
Can access to the MCP server be controlled using the IP addresses listed in the IP egress ranges? Or will requests come to the MCP server from IP ranges other than those listed?
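The gate the post describes (an IP allowlist plus rate limiting in front of the DCR register endpoint), as an added example that is not part of the original post. The CIDR ranges are documentation-space placeholders standing in for the published egress ranges, and the limits and function names are assumptions.

```python
import ipaddress
import time
from collections import defaultdict, deque

# Placeholder CIDRs (documentation address space); substitute the published
# egress ranges. Constructed values, not taken from the post.
ALLOWED_RANGES = [ipaddress.ip_network(c)
                  for c in ("203.0.113.0/24", "2001:db8:1234::/48")]
WINDOW_SECONDS = 60      # assumed sliding window
MAX_REGISTRATIONS = 5    # assumed registrations per source IP per window

_recent = defaultdict(deque)  # source address -> timestamps of accepted calls


def normalize(peer):
    """Parse the peer address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so a
    dual-stack listener does not make an allowed IPv4 client look like IPv6."""
    addr = ipaddress.ip_address(peer)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def check_registration(peer, now=None):
    """Decide what the register handler does before parsing the request body.

    `peer` must be the socket peer address, or the address set by a reverse
    proxy you operate, never a client-supplied X-Forwarded-For value.
    Returns "allow", "forbidden" (403), "rate_limited" (429) or
    "bad_address" (400).
    """
    now = time.monotonic() if now is None else now
    try:
        addr = normalize(peer)
    except ValueError:
        return "bad_address"
    # Allowlist first: rejected sources never get an entry in the limiter
    # table, so the table size is bounded by the allowlisted address space.
    if not any(addr in net for net in ALLOWED_RANGES):
        return "forbidden"
    hits = _recent[addr]
    while hits and now - hits[0] >= WINDOW_SECONDS:
        hits.popleft()                      # drop calls outside the window
    if len(hits) >= MAX_REGISTRATIONS:
        return "rate_limited"
    hits.append(now)
    return "allow"                          # continue to client registration
```
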