You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx
+6-10Lines changed: 6 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,7 +16,7 @@ You can configure a self-hosted Access application to manage access to specific
16
16
- Private hostnames route to your custom DNS resolver through [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/) or [Gateway resolver policies](/cloudflare-one/policies/gateway/resolver-policies/).
17
17
-[Gateway TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/) must be enabled if you would like to present a login page in the browser. Otherwise, users will receive a pop-up notification from the WARP client.
18
18
19
-
## 1. Add your application to Access
19
+
## Add your application to Access
20
20
21
21
1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
22
22
@@ -48,7 +48,7 @@ You can configure a self-hosted Access application to manage access to specific
48
48
49
49
12. Select **Next**.
50
50
51
-
13. (Optional) Configure advanced settings for your application:
51
+
13. (Optional) Configure advanced settings. These settings only apply to private hostnames and require Gateway TLS decryption.
@@ -59,7 +59,9 @@ You can configure a self-hosted Access application to manage access to specific
59
59
60
60
14. Select **Save**.
61
61
62
-
## 2. (Optional) Modify order of precedence in Gateway
62
+
Users can now connect to your private application after authenticating with Cloudflare Access.
63
+
64
+
## Modify order of precedence in Gateway
63
65
64
66
By default, Cloudflare will evaluate Access private application policies after evaluating all Gateway network policies. To evaluate Access private application policies before or after specific Gateway policies, create the following [Gateway network policy](/cloudflare-one/policies/gateway/network-policies/):
65
67
@@ -72,10 +74,4 @@ You can now drag and drop this policy in the Gateway policy builder to change it
72
74
73
75
:::note
74
76
All Access applications are deny by default -- a user must match an associated Access Allow policy before they are granted access. The Gateway policy is strictly for routing and connectivity purposes.
75
-
:::
76
-
77
-
## 3. Validate the Access token
78
-
79
-
<Renderfile="access/secure-tunnel-with-access" />
80
-
81
-
Users can now connect to your private application after authenticating with Cloudflare Access.
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -231,7 +231,7 @@ Gateway matches network traffic against the following selectors, or criteria.
231
231
232
232
### All Access Private Apps
233
233
234
-
All destination IPs and hostnames associated with an [Access self-hosted private application](/cloudflare-one/applications/non-http/self-hosted-private-app/#2-optional-modify-order-of-precedence-in-gateway).
234
+
All destination IPs and hostnames associated with an [Access self-hosted private application](/cloudflare-one/applications/non-http/self-hosted-private-app/#modify-order-of-precedence-in-gateway).
0 commit comments