diff --git a/src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx b/src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx
index 1e11d687b90b47..3deadfe87cad40 100644
--- a/src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx
+++ b/src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx
@@ -18,6 +18,7 @@ This feature replaces the legacy [private network app type](/cloudflare-one/appl
- Private IPs and hostnames are reachable over Cloudflare WARP, Magic WAN or Browser Isolation. For more details, refer to [Connect a private network](/cloudflare-one/connections/connect-networks/private-net/).
- Private hostnames route to your custom DNS resolver through [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/) or [Gateway resolver policies](/cloudflare-one/policies/gateway/resolver-policies/).
+- Public IPs and hostnames can be used to define a private application, however the IP or hostname must route through Cloudflare via [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/private-net/cloudflared/), [WARP Connector](/cloudflare-one/connections/connect-networks/private-net/warp-connector/), or [Magic WAN](/magic-wan/configuration/manually/how-to/configure-routes/).
- (Optional) Turn on [Gateway TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/) if you want to use Access JWTs to manage [HTTPS application sessions](#https-applications).
## Add your application to Access
@@ -83,4 +84,4 @@ The WARP client manages sessions for all non-HTTPS applications. Users will rece
### Private hostname vs private IP
-An Access application defined by a private hostname takes precedence over an Access application defined by a private IP. For example, assume App-1 points to `wiki.internal.local` and App-2 points to `10.0.0.1`, but `wiki.internal.local` resolves to `10.0.0.1`. Users who go to `wiki.internal.local` will never match App-2; they will be allowed or blocked strictly based on App-1 Access policies (and [Gateway policies](#access-vs-gateway-policies)).
\ No newline at end of file
+An Access application defined by a private hostname takes precedence over an Access application defined by a private IP. For example, assume App-1 points to `wiki.internal.local` and App-2 points to `10.0.0.1`, but `wiki.internal.local` resolves to `10.0.0.1`. Users who go to `wiki.internal.local` will never match App-2; they will be allowed or blocked strictly based on App-1 Access policies (and [Gateway policies](#access-vs-gateway-policies)).
diff --git a/src/content/partials/cloudflare-one/access/self-hosted-app/generic-public-app.mdx b/src/content/partials/cloudflare-one/access/self-hosted-app/generic-public-app.mdx
index e9d0b98bbebf1a..20549b10d0fe5b 100644
--- a/src/content/partials/cloudflare-one/access/self-hosted-app/generic-public-app.mdx
+++ b/src/content/partials/cloudflare-one/access/self-hosted-app/generic-public-app.mdx
@@ -7,7 +7,7 @@ import { Render } from "~/components"
-6. Select **Add public hostname**.
+6. Select **Add public hostname**.
7.