cloudflare · ranbel · Jan 17, 2025 · Jan 9, 2025 · Jan 9, 2025 · Jan 10, 2025
@@ -10,12 +10,10 @@ Cloudflare Access allows you to secure your web applications by acting as an ide
 
 ![Cloudflare Access verifies a user's identity before granting access to your application.](~/assets/images/cloudflare-one/applications/diagram-saas.jpg)
 
-You can protect two types of web applications: SaaS and self-hosted.
+You can protect the following types of web applications:
 
-* [**SaaS applications**](/cloudflare-one/applications/configure-apps/saas-apps/) consist of applications your team relies on that are not hosted by your organization. Examples include Salesforce and Workday. To secure SaaS applications, you must integrate Cloudflare Access with the SaaS application's SSO configuration.
+- [**SaaS applications**](/cloudflare-one/applications/configure-apps/saas-apps/) consist of applications your team relies on that are not hosted by your organization. Examples include Salesforce and Workday.
 
-* [**Self-hosted applications**](/cloudflare-one/applications/configure-apps/self-hosted-apps/) consist of internal applications that you host in your own environment. These can be the data center versions of tools like the Atlassian suite or applications created by your own team. To secure self-hosted applications, you must use Cloudflare's DNS ([full setup](/dns/zone-setups/full-setup/) or [partial CNAME setup](/dns/zone-setups/partial-setup/)) and [connect the application](/cloudflare-one/connections/connect-networks/) to Cloudflare.
+- [**Self-hosted applications**](/cloudflare-one/applications/configure-apps/self-hosted-apps/) consist of internal applications that you host in your own environment. These can be hosted versions of tools like the Atlassian suite or applications created and hosted by your own team.
 
-* [**Cloudflare Dashboard SSO**](/cloudflare-one/applications/configure-apps/dash-sso-apps/) are a special type of SaaS application that manages SSO settings for the Cloudflare dashboard and has limited permissions for administrator edits.
-
-* [**Private network applications**](/cloudflare-one/connections/connect-networks/private-net/) are self-hosted applications that do not have public DNS records, meaning they are not reachable from the public Internet. To allow remote users to access these applications, you must [connect the private network](/cloudflare-one/connections/connect-networks/private-net/cloudflared/) to Cloudflare.
+- [**Cloudflare Dashboard SSO**](/cloudflare-one/applications/configure-apps/dash-sso-apps/) is a special type of SaaS application that manages SSO settings for the Cloudflare dashboard and has limited permissions for administrator edits.
diff --git a/...tent/docs/cloudflare-one/applications/configure-apps/self-hosted-apps/index.mdx b/...tent/docs/cloudflare-one/applications/configure-apps/self-hosted-apps/index.mdx
@@ -0,0 +1,19 @@
+---
+pcx_content_type: concept
+title: Self-hosted applications
+sidebar:
+  order: 1
+
+---
+
+import { Render } from "~/components"
+
+Cloudflare Access allows you to secure internal tools and applications by providing an authentication layer between the end user and your origin server. You can use signals from your existing identity providers (IdPs), device posture providers, and [other rules](/cloudflare-one/policies/access/#selectors) to control who can access your application. You can scope your policies to an entire private IP range, or define granular rules for specific websites, subdomains, and paths.
+
+![Cloudflare Access authenticates users to your internal applications.](~/assets/images/cloudflare-one/applications/network-diagram.png)
+
+The setup process for a self-hosted application depends on whether the application is publicly accessible on the Internet or restricted to users on a private network.
+
+- [**Public hostname applications**](/cloudflare-one/applications/configure-apps/self-hosted-apps/public-hostname-app/) are self-hosted applications that have public DNS records. Anyone on the Internet can access the application by entering the URL in their browser and authenticating through Cloudflare Access. Securing access to a public website requires a Cloudflare DNS [full setup](/dns/zone-setups/full-setup/) or [partial CNAME setup](/dns/zone-setups/partial-setup/).
+
+- [**Private network applications**](/cloudflare-one/connections/connect-networks/private-net/) are self-hosted applications that do not have public DNS records, meaning they are not reachable from the public Internet. Remote users must install the WARP client on their device and connect to the application using its private IP or private hostname. To add a private network application, refer to [Connect a private network](/cloudflare-one/connections/connect-networks/private-net/cloudflared/).
diff --git a/...tions/configure-apps/self-hosted-apps.mdx → .../self-hosted-apps/public-hostname-app.mdx b/...tions/configure-apps/self-hosted-apps.mdx → .../self-hosted-apps/public-hostname-app.mdx
@@ -1,16 +1,14 @@
 ---
 pcx_content_type: how-to
-title: Self-hosted applications
+title: Publish a self-hosted application to the Internet
 sidebar:
-  order: 2
-
+  order: 1
+  label: Public hostname applications
 ---
 
 import { Render } from "~/components"
 
-<Render file="access/self-hosted-intro" />
 
-![Cloudflare Access authenticates users to your internal applications.](~/assets/images/cloudflare-one/applications/network-diagram.png)
 
 ## Prerequisites
 

@@ -8,7 +8,8 @@ sidebar:
 
 import { Render } from "~/components"
 
-<Render file="access/self-hosted-intro" product="cloudflare-one" />
+Cloudflare Access allows you to securely publish internal tools and applications to the Internet by providing an authentication layer between the end user and your origin server. You can use signals from your existing identity providers (IdPs), device posture providers, and [other rules](/cloudflare-one/policies/access/#selectors) to control who can access your application.
+
 Each application can have multiple policies with different constraints depending on what user group is accessing the application. For example, you can create one policy that requires corporate users to present specific device posture checks or mutual TLS authentication events, and a second policy for contractors which does not require these attributes.
 
 ## Add your application to Access