cloudflare · maxvp · Mar 31, 2025 · Mar 31, 2025 · Mar 31, 2025 · Mar 31, 2025
@@ -37,7 +37,7 @@ Access for Infrastructure currently only supports [SSH](/cloudflare-one/connecti
 
 ## 1. Add a target
 
-<Render file="access/add-target" params={{ protocol: "generic" }}/>
+<Render file="access/add-target" params={{ protocol: "generic" }} />
 
 ## 2. Add an infrastructure application
 
@@ -122,9 +122,9 @@ The following [Access policy selectors](/cloudflare-one/policies/access/#selecto
 
 By default, Cloudflare will evaluate Access infrastructure application policies after evaluating all Gateway network policies. To evaluate Access infrastructure applications before or after specific Gateway policies, create the following [Gateway network policy](/cloudflare-one/policies/gateway/network-policies/):
 
-| Selector               | Operator | Value | Action |
-| ---------------------- | -------- | ----- | ------ |
-| All Access App Targets | is       | on    | Allow  |
+| Selector                     | Operator | Value     | Action |
+| ---------------------------- | -------- | --------- | ------ |
+| Access Infrastructure Target | is       | _Present_ | Allow  |
 
 You can move this policy in the Gateway policy builder to change its [order of precedence](/cloudflare-one/policies/gateway/order-of-enforcement/#order-of-precedence).
 

@@ -22,35 +22,40 @@ This feature replaces the legacy [private network app type](/cloudflare-one/appl
 
 ## Add your application to Access
 
-<Render file="access/self-hosted-app/create-app" product="cloudflare-one" params={{ private: true }}/>
+<Render
+	file="access/self-hosted-app/create-app"
+	product="cloudflare-one"
+	params={{ private: true }}
+/>
 
-6. Add the private IP and/or private hostname that represents the application. You can use [wildcards](/cloudflare-one/policies/access/app-paths/) with private hostnames to protect multiple parts of an application that share a root path.
+6.  Add the private IP and/or private hostname that represents the application. You can use [wildcards](/cloudflare-one/policies/access/app-paths/) with private hostnames to protect multiple parts of an application that share a root path.
 
-	:::note
-	Private hostnames are currently only available over port `443` over HTTPS and the application must have a valid Server Name Indicator (SNI).
-	:::
+    :::note
+    Private hostnames are currently only available over port `443` over HTTPS and the application must have a valid Server Name Indicator (SNI).
+    :::
 
 7.  <Render file="access/add-access-policies" product="cloudflare-one" />
 
-8. Configure how users will authenticate:
+8.  Configure how users will authenticate:
 
-		1. Select the [**Identity providers**](/cloudflare-one/identity/idp-integration/) you want to enable for your application.
+        1. Select the [**Identity providers**](/cloudflare-one/identity/idp-integration/) you want to enable for your application.
+        2. (Recommended) If you plan to only allow access via a single IdP, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/applications/login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
+        3. (Recommended) Turn on **WARP authentication identity** to allow users to authenticate to the application using their [WARP session identity](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/). We recommend turning this on if your application is not in the browser and cannot handle a `302` redirect.
 
-		2. (Recommended) If you plan to only allow access via a single IdP, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/applications/login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
-
-		3. (Recommended) Turn on **WARP authentication identity** to allow users to authenticate to the application using their [WARP session identity](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/). We recommend turning this on if your application is not in the browser and cannot handle a `302` redirect.
-
-9. Select **Next**.
+9.  Select **Next**.
 
 10. (Optional) Configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) for the application.
 
 11. <Render file="access/access-block-page" product="cloudflare-one" />
 
 12. Select **Next**.
 
-13. <Render file="access/self-hosted-app/advanced-settings" product="cloudflare-one" />
+13. <Render
+    	file="access/self-hosted-app/advanced-settings"
+    	product="cloudflare-one"
+    />
 
-		These settings only apply to private hostnames and require [Gateway TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/).
+        These settings only apply to private hostnames and require [Gateway TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/).
 
 14. Select **Save**.
 
@@ -74,9 +79,9 @@ The WARP client manages sessions for all non-HTTPS applications. Users will rece
 
 By default, Cloudflare will evaluate a private application's Access policies after evaluating all Gateway network policies. To evaluate Access private applications before or after specific Gateway policies, create the following [Gateway network policy](/cloudflare-one/policies/gateway/network-policies/):
 
-| Selector                            | Operator | Value | Action |
-| ----------------------------------- | -------- | ----- | ------ |
-| All Access App Private Destinations | is       | on    | Allow  |
+| Selector           | Operator | Value     | Action |
+| ------------------ | -------- | --------- | ------ |
+| Access Private App | is       | _Present_ | Allow  |
 
 You can move this policy in the Gateway policy builder to change its [order of precedence](/cloudflare-one/policies/gateway/order-of-enforcement/#order-of-precedence).
 

@@ -40,6 +40,8 @@ API value: `allow`
 
 **Traffic**
 
+- [Access Infrastructure Target](#access-infrastructure-target)
+- [Access Private App](#access-private-app)
 - [Application](#application)
 - [Content Categories](#content-categories)
 - [Destination Continent IP Geolocation](#destination-continent)
@@ -105,6 +107,8 @@ API value: `block`
 
 **Traffic**
 
+- [Access Infrastructure Target](#access-infrastructure-target)
+- [Access Private App](#access-private-app)
 - [Application](#application)
 - [Content Categories](#content-categories)
 - [Destination Continent IP Geolocation](#destination-continent)
@@ -393,13 +397,13 @@ Policies created using the URL selector are case-sensitive.
 
 Gateway matches HTTP traffic against the following selectors, or criteria:
 
-### All Access Private App Destinations
+### Access Infrastructure Target
 
-<Render file="gateway/selectors/all-access-private-app-destinations" />
+<Render file="gateway/selectors/all-access-app-targets" />
 
-### All Access App Targets
+### Access Private App
 
-<Render file="gateway/selectors/all-access-app-targets" />
+<Render file="gateway/selectors/all-access-private-app-destinations" />
 
 ### Application
 

@@ -40,8 +40,8 @@ API value: `allow`
 
 **Traffic**
 
-- [All Access Private Apps](#all-access-private-app-destinations)
-- [All Access App Targets](#all-access-app-targets)
+- [Access Infrastructure Target](#access-infrastructure-target)
+- [Access Private App](#access-private-app)
 - [Application](#application)
 - [Content Categories](#content-categories)
 - [Destination Continent IP Geolocation](#destination-continent)
@@ -137,6 +137,8 @@ API value: `block`
 
 **Traffic**
 
+- [Access Infrastructure Target](#access-infrastructure-target)
+- [Access Private App](#access-private-app)
 - [Application](#application)
 - [Content Categories](#content-categories)
 - [Destination Continent IP Geolocation](#destination-continent)
@@ -232,13 +234,13 @@ Gateway will only log successful override connections in your [network logs](/cl
 
 Gateway matches network traffic against the following selectors, or criteria.
 
-### All Access Private App Destinations
+### Access Infrastructure Target
 
-<Render file="gateway/selectors/all-access-private-app-destinations" />
+<Render file="gateway/selectors/all-access-app-targets" />
 
-### All Access App Targets
+### Access Private App
 
-<Render file="gateway/selectors/all-access-app-targets" />
+<Render file="gateway/selectors/all-access-private-app-destinations" />
 
 ### Application
 

@@ -4,6 +4,6 @@
 
 All [targets](/cloudflare-one/applications/non-http/infrastructure-apps/#1-add-a-target) secured by an [Access infrastructure application](/cloudflare-one/applications/non-http/infrastructure-apps/).
 
-| UI name                | API example     |
-| ---------------------- | --------------- |
-| All Access App Targets | `access.target` |
+| UI name                      | API example     |
+| ---------------------------- | --------------- |
+| Access Infrastructure Target | `access.target` |
@@ -4,6 +4,6 @@
 
 All destination IPs and hostnames secured by an [Access self-hosted private application](/cloudflare-one/applications/non-http/self-hosted-private-app/).
 
-| UI name                             | API example          |
-| ----------------------------------- | -------------------- |
-| All Access Private App Destinations | `access.private_app` |
+| UI name            | API example          |
+| ------------------ | -------------------- |
+| Access Private App | `access.private_app` |