Web Access Advanced Configuration

Web Access Bastion

Cluster Name

clusterName: defaultCluster

Each Bastion is uniquely identified by combining the Privilege Access ID Authentication Method and the Cluster Name.

It means that changing the Privilege Access ID or the Cluster Name of your Bastion instance will create an entirely new Bastion instance.

It is recommended to set a meaningful Cluster Name for your Bastion cluster from the very beginning. By default, your cluster name is defaultCluster.

To do that, you can set the clusterName="meaningful-cluster-name" field as part of the Bastion deployment.

Proxy

To configure your proxy settings, you can set several parameters, including proxy settings for HTTP traffic, HTTPS traffic, and Ignore Hosts, using the no_proxy field, to prevent local traffic from going through your proxy server.

# Linux system HTTP Proxy
httpProxySettings:
  http_proxy: ""
  https_proxy: ""
  no_proxy: ""

Log Forwarding

To enable log forwarding to an existing log management system, please find a list of available target systems and configurations on this page.

logForward: |
       target_log_type="splunk"
       target_splunk_sourcetype=""
       target_splunk_source=""
       target_splunk_index=""
       target_splunk_token=""
       target_splunk_url=""

WebWorker

This section enables global settings of the internal dedicated remote browsers your users will use. You can customize the settings to provide a more flexible experience for your users.

Default policies sections aimed to provide the most secure work mode. By default, all URLs are blocked hence users will not be able to navigate inside the remote browser to different sites. If needed, set the relevant URLs in the Exceptions list.

webWorker:
  config:
    displayWidth: 2560
    displayHeight: 1200
    policies: |
        {
          "policies": {
            "BlockAboutConfig": true,
            "BlockAboutAddons": true,
            "BlockAboutProfiles": true,
            "BlockAboutSupport": true,
            "DisableDeveloperTools": true,
            "DisableFirefoxAccounts": true,
            "DisablePasswordReveal": true,
            "DisablePrivateBrowsing": true,
            "DisableProfileImport": true,
            "DisableSafeMode": true,
            "OfferToSaveLogins": false,
            "OfferToSaveLoginsDefault": false,
            "PasswordManagerEnabled": false,
            "Proxy": {
              "Mode": "none",
              "Locked": true
            },
            "Preferences": {},
            "WebsiteFilter": {
              "Block": [
                "<all_urls>"
              ],
              "Exceptions": [
                "https://*.akeyless.io/*"
              ]
            }
          }
        }

DLP

To work with Data Leak Protection tools, you can explicitly set the target settings of your DLP server, as well as with dedicated audit logs forwarding.

dlp:
  enabled: false
  config:
    hostAddress: ""
    # host/{pathPrefix}
    pathPrefix: ""
    # FORCING or LEARNING
    mode: ""
    logLevel: "INFO"
  audit: |
    target_log_type="splunk"
    target_splunk_sourcetype=""
    target_splunk_source=""
    target_splunk_index=""
    target_splunk_token=""
    target_splunk_url=""

Did this page help you?