update links

Author: ranbel

src/content/changelog/fundamentals/2025-10-01-fine-grained-permissioning-beta.mdx

@@ -12,7 +12,7 @@ import { Aside } from '@astrojs/starlight/components';
 Fine-grained permissions for **Access Applications, Identity Providers (IdPs), and Targets** is now available in Public Beta. This expands our RBAC model beyond account & zone-scoped roles, enabling administrators to grant permissions scoped to individual resources.
 
 ### What's New
-- **[Access Applications](https://developers.cloudflare.com/cloudflare-one/applications/)**: Grant admin permissions to specific Access Applications.
+- **[Access Applications](https://developers.cloudflare.com/cloudflare-one/access-controls/applications/http-apps/)**: Grant admin permissions to specific Access Applications.
 - **[Identity Providers](https://developers.cloudflare.com/cloudflare-one/identity/)**: Grant admin permissions to individual Identity Providers.
 - **[Targets](https://developers.cloudflare.com/cloudflare-one/access-controls/applications/non-http/infrastructure-apps/#1-add-a-target)**: Grant admin rights to specific Targets
 

src/content/docs/cloudflare-one/access-controls/policies/policy-management.mdx

@@ -25,7 +25,7 @@ To create a reusable Access policy:
    - [Temporary authentication](/cloudflare-one/access-controls/policies/temporary-auth/)
 8. Select **Save**.
 
-You can now add this policy to an [Access application](/cloudflare-one/applications/).
+You can now add this policy to an [Access application](/cloudflare-one/access-controls/applications/http-apps/).
 
 ## Edit a policy
 

src/content/docs/cloudflare-one/applications/index.mdx

@@ -52,7 +52,7 @@ By default, all predefined behaviors are disabled. When a behavior is enabled, Z
 
 | Risk behaviors                         | Requirements                                                                                                | Description                                                                                                                                                                                                            |
 | -------------------------------------- | ----------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Impossible travel                      | [A configured Access application](/cloudflare-one/applications/)                                            | User has a successful login from two different locations that they could not have traveled between in that period of time. Matches will appear in your [Access audit logs](/cloudflare-one/insights/logs/audit-logs/). |
+| Impossible travel                      | [A configured Access application](/cloudflare-one/access-controls/applications/http-apps/)                                            | User has a successful login from two different locations that they could not have traveled between in that period of time. Matches will appear in your [Access audit logs](/cloudflare-one/insights/logs/audit-logs/). |
 | High number of DLP policies triggered  | [A configured DLP profile](/cloudflare-one/data-loss-prevention/dlp-profiles/)                     | User has created a high number of DLP policy matches within a narrow frame of time. Matches will appear in your [Gateway activity logs](/cloudflare-one/insights/logs/gateway-logs/).                                  |
 | SentinelOne threat detected on machine | [SentinelOne service provider integration](/cloudflare-one/integrations/service-providers/sentinelone/) | SentinelOne returns one or more configured [device posture attributes](/cloudflare-one/integrations/service-providers/sentinelone/#device-posture-attributes) for a user.                                          |
 

src/content/docs/cloudflare-one/insights/risk-score.mdx

@@ -60,9 +60,9 @@ If you are setting up the tunnel through the CLI instead ([locally-managed tunne
 
 ## 2. Create and configure Hyperdrive to connect to the Cloudflare Tunnel
 
-To restrict access to the Cloudflare Tunnel to Hyperdrive, a [Cloudflare Access application](/cloudflare-one/applications/) must be configured with a [Policy](/cloudflare-one/traffic-policies/) that requires requests to contain a valid [Service Auth token](/cloudflare-one/access-controls/policies/#service-auth).
+To restrict access to the Cloudflare Tunnel to Hyperdrive, a [Cloudflare Access application](/cloudflare-one/access-controls/applications/http-apps/) must be configured with a [Policy](/cloudflare-one/traffic-policies/) that requires requests to contain a valid [Service Auth token](/cloudflare-one/access-controls/policies/#service-auth).
 
-The Cloudflare dashboard can automatically create and configure the underlying [Cloudflare Access application](/cloudflare-one/applications/), [Service Auth token](/cloudflare-one/access-controls/policies/#service-auth), and [Policy](/cloudflare-one/traffic-policies/) on your behalf. Alternatively, you can manually create the Access application and configure the Policies.
+The Cloudflare dashboard can automatically create and configure the underlying [Cloudflare Access application](/cloudflare-one/access-controls/applications/http-apps/), [Service Auth token](/cloudflare-one/access-controls/policies/#service-auth), and [Policy](/cloudflare-one/traffic-policies/) on your behalf. Alternatively, you can manually create the Access application and configure the Policies.
 
 <Details header="Automatic creation">