Webserver Access
Native webserver support brings MrZAP technology, policy-based access control, and user visibility for webservers directly into the BastionZero SaaS
BastionZero provides zero-trust remote access to your webserver without creating a single point of compromise. With BastionZero, you can also:
  • Put access to your webserver behind SSO and MFA.
  • Close all ports to your webserver and access to your webserver through VPNs or bastion hosts.
  • Utilize our multi-root zero-trust security model to protect your infrastructure even if your SSO provider is compromised.
  • Use fine-grained access controls defined by SSO users and groups to manage access to and privileges on your webserver, without requiring any IAM roles.
The BastionZero agent can be quickly and easily deployed to your webserver. It is designed to minimize the impact to your established workflows.
See the Webserver Deployment guide for instructions on securing your webserver with BastionZero.
BastionZero's native webserver support utilizes the bzero agent as a transparent proxy to facilitate secure access to your webservers. This proxy must be able to resolve a DNS hostname or reach an IP address as specified in the webserver target configuration. This setup does not require any open ports or publicly available IP addresses.
Users will first establish a secure connection to their webservers using our command-line interface, the zli and can then access their webserver through their web browser.
When connecting to a webserver target, traffic destined for the webserver will use local port forwarding through the zli and the proxy target to make a secure MrZAP connection to the webserver. If allowed access by policy, a new window with the webserver will be returned to the user.
Copy link