diff --git a/src/content/docs/cloudflare-one/applications/non-http/infrastructure-apps.mdx b/src/content/docs/cloudflare-one/applications/non-http/infrastructure-apps.mdx
index f27d2cc66be90d..7060160b33bf7a 100644
--- a/src/content/docs/cloudflare-one/applications/non-http/infrastructure-apps.mdx
+++ b/src/content/docs/cloudflare-one/applications/non-http/infrastructure-apps.mdx
@@ -37,7 +37,7 @@ Access for Infrastructure currently only supports [SSH](/cloudflare-one/connecti
## 1. Add a target
-
+
## 2. Add an infrastructure application
@@ -122,9 +122,9 @@ The following [Access policy selectors](/cloudflare-one/policies/access/#selecto
By default, Cloudflare will evaluate Access infrastructure application policies after evaluating all Gateway network policies. To evaluate Access infrastructure applications before or after specific Gateway policies, create the following [Gateway network policy](/cloudflare-one/policies/gateway/network-policies/):
-| Selector | Operator | Value | Action |
-| ---------------------- | -------- | ----- | ------ |
-| All Access App Targets | is | on | Allow |
+| Selector | Operator | Value | Action |
+| ---------------------------- | -------- | --------- | ------ |
+| Access Infrastructure Target | is | _Present_ | Allow |
You can move this policy in the Gateway policy builder to change its [order of precedence](/cloudflare-one/policies/gateway/order-of-enforcement/#order-of-precedence).
diff --git a/src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx b/src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx
index 04368a06d043fb..6b32216ee4840f 100644
--- a/src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx
+++ b/src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx
@@ -22,25 +22,27 @@ This feature replaces the legacy [private network app type](/cloudflare-one/appl
## Add your application to Access
-
+
-6. Add the private IP and/or private hostname that represents the application. You can use [wildcards](/cloudflare-one/policies/access/app-paths/) with private hostnames to protect multiple parts of an application that share a root path.
+6. Add the private IP and/or private hostname that represents the application. You can use [wildcards](/cloudflare-one/policies/access/app-paths/) with private hostnames to protect multiple parts of an application that share a root path.
- :::note
- Private hostnames are currently only available over port `443` over HTTPS and the application must have a valid Server Name Indicator (SNI).
- :::
+ :::note
+ Private hostnames are currently only available over port `443` over HTTPS and the application must have a valid Server Name Indicator (SNI).
+ :::
7.
-8. Configure how users will authenticate:
+8. Configure how users will authenticate:
- 1. Select the [**Identity providers**](/cloudflare-one/identity/idp-integration/) you want to enable for your application.
+ 1. Select the [**Identity providers**](/cloudflare-one/identity/idp-integration/) you want to enable for your application.
+ 2. (Recommended) If you plan to only allow access via a single IdP, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/applications/login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
+ 3. (Recommended) Turn on **WARP authentication identity** to allow users to authenticate to the application using their [WARP session identity](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/). We recommend turning this on if your application is not in the browser and cannot handle a `302` redirect.
- 2. (Recommended) If you plan to only allow access via a single IdP, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/applications/login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
-
- 3. (Recommended) Turn on **WARP authentication identity** to allow users to authenticate to the application using their [WARP session identity](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/). We recommend turning this on if your application is not in the browser and cannot handle a `302` redirect.
-
-9. Select **Next**.
+9. Select **Next**.
10. (Optional) Configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) for the application.
@@ -48,9 +50,12 @@ This feature replaces the legacy [private network app type](/cloudflare-one/appl
12. Select **Next**.
-13.
+13.
- These settings only apply to private hostnames and require [Gateway TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/).
+ These settings only apply to private hostnames and require [Gateway TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/).
14. Select **Save**.
@@ -74,9 +79,9 @@ The WARP client manages sessions for all non-HTTPS applications. Users will rece
By default, Cloudflare will evaluate a private application's Access policies after evaluating all Gateway network policies. To evaluate Access private applications before or after specific Gateway policies, create the following [Gateway network policy](/cloudflare-one/policies/gateway/network-policies/):
-| Selector | Operator | Value | Action |
-| ----------------------------------- | -------- | ----- | ------ |
-| All Access App Private Destinations | is | on | Allow |
+| Selector | Operator | Value | Action |
+| ------------------ | -------- | --------- | ------ |
+| Access Private App | is | _Present_ | Allow |
You can move this policy in the Gateway policy builder to change its [order of precedence](/cloudflare-one/policies/gateway/order-of-enforcement/#order-of-precedence).
diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx
index b43252245c49af..38adf05b92023a 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx
@@ -40,6 +40,8 @@ API value: `allow`
**Traffic**
+- [Access Infrastructure Target](#access-infrastructure-target)
+- [Access Private App](#access-private-app)
- [Application](#application)
- [Content Categories](#content-categories)
- [Destination Continent IP Geolocation](#destination-continent)
@@ -105,6 +107,8 @@ API value: `block`
**Traffic**
+- [Access Infrastructure Target](#access-infrastructure-target)
+- [Access Private App](#access-private-app)
- [Application](#application)
- [Content Categories](#content-categories)
- [Destination Continent IP Geolocation](#destination-continent)
@@ -393,13 +397,13 @@ Policies created using the URL selector are case-sensitive.
Gateway matches HTTP traffic against the following selectors, or criteria:
-### All Access Private App Destinations
+### Access Infrastructure Target
-
+
-### All Access App Targets
+### Access Private App
-
+
### Application
diff --git a/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx
index b38e82eb33bac3..9cb5671c39436f 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx
@@ -40,8 +40,8 @@ API value: `allow`
**Traffic**
-- [All Access Private Apps](#all-access-private-app-destinations)
-- [All Access App Targets](#all-access-app-targets)
+- [Access Infrastructure Target](#access-infrastructure-target)
+- [Access Private App](#access-private-app)
- [Application](#application)
- [Content Categories](#content-categories)
- [Destination Continent IP Geolocation](#destination-continent)
@@ -137,6 +137,8 @@ API value: `block`
**Traffic**
+- [Access Infrastructure Target](#access-infrastructure-target)
+- [Access Private App](#access-private-app)
- [Application](#application)
- [Content Categories](#content-categories)
- [Destination Continent IP Geolocation](#destination-continent)
@@ -232,13 +234,13 @@ Gateway will only log successful override connections in your [network logs](/cl
Gateway matches network traffic against the following selectors, or criteria.
-### All Access Private App Destinations
+### Access Infrastructure Target
-
+
-### All Access App Targets
+### Access Private App
-
+
### Application
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/all-access-app-targets.mdx b/src/content/partials/cloudflare-one/gateway/selectors/all-access-app-targets.mdx
index 366713b9fef7a2..8a0208de9684da 100644
--- a/src/content/partials/cloudflare-one/gateway/selectors/all-access-app-targets.mdx
+++ b/src/content/partials/cloudflare-one/gateway/selectors/all-access-app-targets.mdx
@@ -4,6 +4,6 @@
All [targets](/cloudflare-one/applications/non-http/infrastructure-apps/#1-add-a-target) secured by an [Access infrastructure application](/cloudflare-one/applications/non-http/infrastructure-apps/).
-| UI name | API example |
-| ---------------------- | --------------- |
-| All Access App Targets | `access.target` |
+| UI name | API example |
+| ---------------------------- | --------------- |
+| Access Infrastructure Target | `access.target` |
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/all-access-private-app-destinations.mdx b/src/content/partials/cloudflare-one/gateway/selectors/all-access-private-app-destinations.mdx
index 83a5e25248314e..1f25ee627fa4e0 100644
--- a/src/content/partials/cloudflare-one/gateway/selectors/all-access-private-app-destinations.mdx
+++ b/src/content/partials/cloudflare-one/gateway/selectors/all-access-private-app-destinations.mdx
@@ -4,6 +4,6 @@
All destination IPs and hostnames secured by an [Access self-hosted private application](/cloudflare-one/applications/non-http/self-hosted-private-app/).
-| UI name | API example |
-| ----------------------------------- | -------------------- |
-| All Access Private App Destinations | `access.private_app` |
+| UI name | API example |
+| ------------------ | -------------------- |
+| Access Private App | `access.private_app` |