FeaturesMain SiteSign In / Try Now
Search…
Home
What Is BastionZero?
Server Access
Database Access
Kubernetes Access
Webserver Access
Product Security
Architecture
Taxonomy
Deployment
Getting Started
Installing the ZLI
Installing the Agent
Automation & Integrations
Third-Party Clients
Admin Guide
Authentication
Authorization
Auditing
Target and Connection Management
User Guide
Installing the ZLI
ZLI Cheat Sheet
Connecting To Your Targets
Troubleshooting Guide
ZLI Reference Manual
API Specification
Getting Help
Product Changes
Service Status
Github
Powered By GitBook
Webserver Access
Native webserver support brings MrZAP technology, policy-based access control, and user visibility for webservers directly into the BastionZero SaaS
BastionZero provides zero-trust remote access to your webserver without creating a single point of compromise. With BastionZero, you can also:
  • Put access to your webserver behind SSO and MFA.
  • Close all ports to your webserver and access to your webserver through VPNs or bastion hosts.
  • Utilize our multi-root zero-trust security model to protect your infrastructure even if your SSO provider is compromised.
  • Use fine-grained access controls defined by SSO users and groups to manage access to and privileges on your webserver, without requiring any IAM roles.
The BastionZero agent can be quickly and easily deployed to your webserver. It is designed to minimize the impact to your established workflows.
See the Webserver Deployment guide for instructions on securing your webserver with BastionZero.
BastionZero's native webserver support utilizes the bzero agent as a transparent proxy to facilitate secure access to your webservers. This proxy must be able to resolve a DNS hostname or reach an IP address as specified in the webserver target configuration. This setup does not require any open ports or publicly available IP addresses.
Users will first establish a secure connection to their webservers using our command-line interface, the zli and can then access their webserver through their web browser.
When connecting to a webserver target, traffic destined for the webserver will use local port forwarding through the zli and the proxy target to make a secure MrZAP connection to the webserver. If allowed access by policy, a new window with the webserver will be returned to the user.
Previous
Kubernetes Access
Next - Home
Product Security
Last modified 4mo ago
Copy link