![Hyperproof.Io [Test] Help Center](https://downloads.intercomcdn.com/i/o/xgk1dxp2/757668/427b255f2659cc7e0853d6a00ec1/628914ae2617199b7d999ba797a5305a.png)
Note: Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance in meeting the requirements to integrate with Hyperproof and collect the proof you need.
When you create a Hypersync between Hyperproof and Cloudflare, you can automatically collect the following proof types:Cloudflare proof types and fields
Proof type | Fields | Testable |
Account Details and Members | Account Type, Member 2FA enforcement, CreatedMembers: Name, Role, Status, 2FA | No |
Account Roles and Permissions | Role Name, Description
Permissions: Organization, Zone, SSL, DNS Records, Web Application Firewall, Analytics, Zone Settings, Cache Purge, Logs, Load Balancer, App, Access, Subscription, Worker, Member, Billing, Webhooks, Legal, Stream, Audit Log, Teams | No |
Firewall Rules | Action, Description, Disabled, Rule Expression | Yes |
List of WAF Managed Rules | Ruleset Name, Ruleset Version, Rule Id, Description, Rule Version, Action, Enabled, Last Updated | Yes |
Zone Details | Zone ID, Account ID, Name, Status, Original Registrar, Name Servers
SSL/TLS: SSL/TLS Encryption Mode, Always Use HTTPS, Minimum TLS Version, TLS 1.3, Automatic HTTPS Rewrites
HTTP Strict Transport Security: Enable HSTS, Max Age Header, Apply HSTS policy to subdomains, Preload, No-Sniff Header
Caching Configuration: Caching Level, Browser Cache TTL, Always Online, Development Mode
Scrape Shield: Email Address Obfuscation, Server-side Excludes, Always Online
Speed Optimization: Brotli, Rocket Loader
Auto Minify: Javascript, CSS, HTML
Mobile Redirect: Status, Mobile Subdomain, Strip URI
Network: HTTP/2, HTTP/3 (with QUIC), 0-RTTConnection Resumption, IPv6 Compatibility, WebSockets, Onion Routing, Pseudo IPv4, IP Geolocation, Maximum Upload Size | No |
Additional documentation
Requirements
To connect to Cloudflare and collect proof, you must configure specific permissions.
Account Details and Members proof permissions:
Account Settings - Read
Account Roles and Permissions proof permissions:
Account Settings - Read
Firewall Rules proof permissions:
Firewall Services - Read
List of WAF Managed rules proof permissions:
You must have at least one of the following:
Account Rulesets - Read
Account WAF - Read
Logs - Read
L4 DDoS Managed Ruleset - Read
Magic Firewall - Read
Mass URL Redirects - Read
Select Configuration - Read
Transform Rules - Read
Zone Details proof permissions:
Zone Settings - Read
Connecting to Cloudflare
Note:
You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need.
Additionally, you can create multiple Hypersyncs for a single control or label.
Authentication type: Custom
Custom authentication parameters: API Token
Tip: The required authentication token can be found in Cloudflare via My Profile > API Tokens.
Certain cloud services offer specialized options for IP filtering in their cloud consoles to lock down specific cloud API endpoints for security and compliance purposes. You can use the Hyperproof static IP addresses to allow communication between Hyperproof Hypersyncs and your cloud service.
Hyperproof US IP addresses - 20.184.128.53, 52.9.169.38, 52.159.252.1
Note: IP address 52.9.169.38 will be deprecated and replaced with 52.159.252.1 in the future. To prevent connectivity issues, it is recommended that you include all three IP addresses in your allowlists.
Hyperproof EU IP addresses - 9.141.172.46, 4.185.45.100
Hyperproof Gov IP addresses - 4.155.77.155, 4.155.78.5, 4.155.8.97
See Hyperproof instances for more information.