π Note
Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance in meeting the requirements to integrate with Hyperproof and collect the proof you need.
When you create a Hypersync between Hyperproof and Cloudflare, you can automatically collect the following proof types:
Cloudflare proof types and fields
Proof type | Fields | Testable |
Account Details and Members | Account Type, Member 2FA enforcement, CreatedMembers: Name, Role, Status, 2FA | No |
Account Roles and Permissions | Role Name, Description Permissions: Organization, Zone, SSL, DNS Records, Web Application Firewall, Analytics, Zone Settings, Cache Purge, Logs, Load Balancer, App, Access, Subscription, Worker, Member, Billing, Webhooks, Legal, Stream, Audit Log, Teams | No |
Firewall Rules | Action, Description, Disabled, Rule Expression | Yes |
List of WAF Managed Rules | Ruleset Name, Ruleset Version, Rule Id, Description, Rule Version, Action, Enabled, Last Updated | Yes |
Zone Details | Zone ID, Account ID, Name, Status, Original Registrar, Name Servers SSL/TLS: SSL/TLS Encryption Mode, Always Use HTTPS, Minimum TLS Version, TLS 1.3, Automatic HTTPS Rewrites HTTP Strict Transport Security: Enable HSTS, Max Age Header, Apply HSTS policy to subdomains, Preload, No-Sniff Header Caching Configuration: Caching Level, Browser Cache TTL, Always Online, Development Mode Scrape Shield: Email Address Obfuscation, Server-side Excludes, Always Online Speed Optimization: Brotli, Rocket Loader Auto Minify: Javascript, CSS, HTML Mobile Redirect: Status, Mobile Subdomain, Strip URI Network: HTTP/2, HTTP/3 (with QUIC), 0-RTTConnection Resumption, IPv6 Compatibility, WebSockets, Onion Routing, Pseudo IPv4, IP Geolocation, Maximum Upload Size | No |
β
Additional documentation
Requirements
To connect to Cloudflare and collect proof, you must configure specific permissions.
β
Account Details and Members proof permissions:
Account Settings - Read
Account Roles and Permissions proof permissions:
Account Settings - Read
Firewall Rules proof permissions:
Firewall Services - Read
List of WAF Managed rules proof permissions:
β
You must have at least one of the following:
Account Rulesets - Read
Account WAF - Read
Logs - Read
L4 DDoS Managed Ruleset - Read
Magic Firewall - Read
Mass URL Redirects - Read
Select Configuration - Read
Transform Rules - Read
Zone Details proof permissions:
Zone Settings - Read
Connecting to Cloudflare
π Note
You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need.
β
Additionally, you can create multiple Hypersyncs for a single control or label.
Authentication type: Custom
β
Custom authentication parameters: API Token
π‘ Tip
The required authentication token can be found in Cloudflare via My Profile > API Tokens.
Certain cloud services offer specialized options for IP filtering in their cloud consoles to lock down specific cloud API endpoints for security and compliance purposes. You can use the Hyperproof static IP addresses to allow communication between Hyperproof Hypersyncs and your cloud service.
π Note
IP addresses for the Hyperproof Gov will be deprecated and replaced, as shown in the following table:
Service | Current IP address | New IP address |
Main app | 4.154.201.6 | 4.155.77.155 |
Integrations | 4.246.104.90 | 4.155.78.5 |
To prevent connectivity issues, it is recommended that you include all four IP addresses in your allowlists.
Hyperproof US IP addresses - 20.184.128.53, 52.9.169.38, 52.159.252.1
π Note
IP address 52.9.169.38 will be deprecated and replaced with 52.159.252.1 in the future. To prevent connectivity issues, it is recommended that you include all three IP addresses in your allowlists.
Hyperproof EU IP addresses - 9.141.172.46, 4.185.45.100
Hyperproof Gov IP addresses - 4.154.201.6, 4.246.104.90
See Hyperproof instances for more information.
![Hyperproof.Io [Test] Help Center](https://downloads.intercomcdn.com/i/o/xgk1dxp2/757668/427b255f2659cc7e0853d6a00ec1/628914ae2617199b7d999ba797a5305a.png)