# Web Server Access

{% hint style="danger" %}

### <mark style="color:red;">**The BastionZero product is maintained for existing BastionZero customers only.**</mark>&#x20;

Moving forward, we are natively rebuilding BastionZero’s technology as Cloudflare’s [Access for Infrastructure](https://developers.cloudflare.com/cloudflare-one/applications/non-http/infrastructure-apps/) service.
{% endhint %}

BastionZero provides zero trust remote access to your web server without creating a single point of compromise. With BastionZero, you can also:

* Put access to your web server behind SSO and MFA.
* Close all ports to your web server and access to your web server through VPNs or bastion hosts.
* Utilize our multi-root zero trust security model to protect your infrastructure even if your SSO provider is compromised.
* Use fine-grained access controls defined by SSO users and groups to manage access to and privileges on your web server, without requiring any IAM roles.

The BastionZero agent can be quickly and easily deployed to your web server. It is designed to minimize the impact to your established workflows.

{% hint style="info" %}
See the [Web server Deployment](/docs/deployment/installing-the-agent.md#webservers) guide for instructions on securing your web server with BastionZero.
{% endhint %}

BastionZero's native web server support utilizes the `bzero` agent as a transparent proxy to facilitate secure access to your web servers. This proxy must be able to resolve a DNS hostname or reach an IP address as specified in the web server target configuration. This setup does not require any open ports or publicly available IP addresses.

Users will first establish a secure connection to their web servers using our command-line interface, the `zli` and can then access their web server through their web browser.

When connecting to a web server target, traffic destined for the web server will use local port forwarding through the `zli` and the proxy target to make a secure MrZAP connection to the web server. If allowed access by policy, a new window with the web server will be returned to the user.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bastionzero.com/docs/home/readme/webserver-access.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.