From c08469fd664ed9dc89cda88633978a14217a1275 Mon Sep 17 00:00:00 2001 From: Nic <123965403+ngayerie@users.noreply.github.com> Date: Fri, 18 Oct 2024 17:37:11 +0200 Subject: [PATCH] [SSL] Add callout regarding SaaS in AOP docs (#17225) * [SSL] Update zone-level.mdx PCX-13840 / CUSTESC-42471 * Update zone-level.mdx * Introduce AOP acronym and link out to custom hostnames docs --------- Co-authored-by: Rebecca Tamachiro --- .../authenticated-origin-pull/index.mdx | 2 +- .../authenticated-origin-pull/set-up/zone-level.mdx | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/index.mdx b/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/index.mdx index e08968f5edba45..de6cae9d4f8c14 100644 --- a/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/index.mdx +++ b/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/index.mdx @@ -11,7 +11,7 @@ description: Authenticated Origin Pulls helps ensure requests to your origin import { FeatureTable } from "~/components" -Authenticated Origin Pulls helps ensure requests to your origin server come from the Cloudflare network, which provides an additional layer of security on top of [Full](/ssl/origin-configuration/ssl-modes/full/) or [Full (strict)](/ssl/origin-configuration/ssl-modes/full-strict/) encryption modes. +Authenticated Origin Pulls (AOP) helps ensure requests to your origin server come from the Cloudflare network, which provides an additional layer of security on top of [Full](/ssl/origin-configuration/ssl-modes/full/) or [Full (strict)](/ssl/origin-configuration/ssl-modes/full-strict/) encryption modes. This authentication becomes particularly important with the [Cloudflare Web Application Firewall (WAF)](/waf/). Together with the WAF, you can make sure that **all traffic** is evaluated before receiving a response from your origin server. diff --git a/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx b/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx index bbc2d95e082a4c..b6f293472638d1 100644 --- a/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx +++ b/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/set-up/zone-level.mdx @@ -11,12 +11,19 @@ head: import { AvailableNotifications, Render } from "~/components" -When you enable Authenticated Origin Pulls for a zone, all proxied traffic to your zone is authenticated at the origin web server. +When you enable Authenticated Origin Pulls (AOP) for a zone, all proxied traffic to your zone is authenticated at the origin web server. ## Before you begin Make sure your zone is using an [SSL/TLS encryption mode](/ssl/origin-configuration/ssl-modes/) of **Full** or higher. +:::caution + +Zone-level AOP certificates are also applied to [custom hostnames](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/) configured on a Cloudflare for SaaS zone. +If you need a different AOP certificate to apply to different custom hostnames, use [Per-hostname AOP](/ssl/origin-configuration/authenticated-origin-pull/set-up/per-hostname/). + +::: + ## 1. Upload certificate to origin First, upload a certificate to your origin.