Creating a Web Server for Action Tracking Only

Some security-conscious administrators of Aurea List Manager may want to use a stripped-down version of the Aurea List Manager Web Server that can be used for action tracking only, not for administrator or discussion forum access. They may then make this web interface available outside their firewall, while having the complete version accessible inside for administrative purposes.

By stripping out these interfaces, the only interaction that an outside user can have is to get responses to tracking-type events, such as clickthroughs, clickstreams, Interest Tracking, and Purchase Tracking.

Check with your sales representative before you create a second webserver; most ListManager licenses are restricted to allowing one webserver to connect to a ListManager instance

Installing and configuring the secondary Webserver

The secondary (secure) webserver can be run on the same machine as Aurea List Manager and the primary (admin) webserver, or set up on another machine. In order for the secondary webserver to run on the same machine as the primary webserver, it's necessary that the combination of IP address and port number are unique. The best practice would be to have two IP addresses on the machine, and have each webserver bind to one of the IP addresses. Then access to the webserver can be controlled at the corporate (or even machine) firewall.

Below are the steps for creating the secondary web server:

Secondary Web Server

1. Check with your sales representative before you create a second webserver; most Aurea List Manager licenses are restricted to allowing one webserver to connect to a Aurea List Manager instance.
2. If installing on a secondary machine, run the Aurea List Manager installer on the secondary machine. Provide bogus information for the database configuration, and skip over database creation.
3. Copy the whole tclweb directory structure to a new location (either on the same server or to another server)
4. Edit the tclhttpd.rc to specify the IP address and port number for the server. You have to edit the following entries.
• Config host
• Config https_host
• Config port
• Config ipaddr
• Config https_ipaddr
• Config tclport_ip (IP address of the server hosting ListManager).
5. If the webserver is installed on another server, you have to specifically allow it to connect in ListManager's GUI security settings. In the left Navigation bar, click Utilities: Administration: Server: Server Settings: Security: GUI Hosts, and add the IP address of the webserver host to the TCLPORT hosts textbox

Secondary Webserver Service

To install the secondary webserver as a Windows service on the same host as the primary server:

1. Copy tclweb\bin\reg.txt to reg2.txt, replace ListManagerWeb with ListManagerWeb2 where ever it appears.
2. Fix the directory path in these two variables:
• Application
• AppDirectory
3. Copy tclweb\bin\mksrv.bat to mksrv2.bat, replace ListManagerWeb with ListManagerWeb2 and reg.txt with reg2.txt, where ever they appear.
4. Run mksvr2.bat to install the ListManagerWeb2 service, and make sure it runs.

Securing the secondary webserver

1. Open a command prompt.
2. Change directory to ~tclweb/htdocs/css.
3. Remove all files in the css directory except .tclaccess.
4. Change directory to ~tclweb/htdocs, and then remove all subdirectories EXCEPT css, libtml, img, scripts, subscribe, templates and utilities.
5. Change directory to ~tclweb/htdocs/utilities and remove everything except the directory path utilities/debug/logs (needed for web logs) and the file utilities/tclhttpd/notfound.html.
6. Change directory to ~tclweb/htdocs and remove all files with the pattern *.* except home.tcl, .tml and sitemap.tcl. The above steps should leave you with the following in the htdocs directory:

Subdirectories:

• css
• img
• libtml
• scripts
• subscribe
• templates
• utilities

Files:

• .tml
• home.tcl. (These files need to be present for the webserver to function.)
• sitemap.tcl
7. Change directory to ~tclweb/htdocs and replace the contents of sitemap.tcl with:

proc get_sitemap_data {} {
    return ""
}
set sitemap_proc get_sitemap_data

*Note: If a browser is pointed to the stripped-down web interface, a page with URL not found is displayed. 

Once you have created a stripped-down web interface, you now have to redirect users to use this secure webserver instead of your administration web server. In the administrative web interface, go to Utilities: Administration: Sites: Edit Site: Essentials and add the URL for the secure webserver to URL to Web Interface. All future clickthroughs are sent through that webserver.

Additional steps can be taken to lock down privileges in a manner that can be used in conjunction with the above steps, or instead of those steps.

Aurea List Manager allows you to lock-down the IP addresses of users who are allowed to log in as certain roles. In the Server settings, you can go to Utilities: Administration: Server: Server Settings: Security: Web, and provide IP addresses and IP address ranges for allowing logins. Typically, you might have the following entries:

10.0.0-10.255.255
127.0.1

which would allow you to access the interface from the internal network only, and from the machine hosting the web server. You need to adjust the ranges for your network, and you can add IP addresses for people outside your network to log in as administrators as well.