MOVEit DMZ offers a unique capability among secure file transfer and processing solutions in its WebPost processor. MOVEit DMZ WebPosts offer ease-of-use in several areas:
Secure Transport & Storage - By pointing existing or new forms to a MOVEit DMZ server, organizations gain not only the transfer security of SSL but the storage security of MOVEit DMZ.
Automatic Thank-You Messages - If the form user fills out a designated email field, a customizable thank you note is immediately sent to this address. (The content of the thank-you note may even include other variables such as a the name of the person filling out the form.)
Automatic Notification - An email notification will be sent to each and every party interested in reviewing the results of web form submissions.
Multiple Views - The individual or collected results of web form submissions may be previewed online, retrieved as a CSV file for import into Excel or similar programs, or as an XML document for a variety of uses.
WebPost Submissions
Forms which take advantage of MOVEit DMZ's WebPost capability may be hosted on the MOVEit DMZ server itself, another secure server or an insecure server. There are advantages and disadvantages of each approach, but ALL approaches will transport data over a secure channel to the MOVEit DMZ server.
WebPosts Submissions from Forms Served by Insecure Servers
Hosting forms on an insecure server has two disadvantages:
No "key" icon indicating a secure transmission will appear in the lower corner of their browser, and
Users must normally correctly answer a transmit to secure server dialog before being allowed to really submit the results of their form.
The advantage of this method is that it is the easiest to integrate into existing websites - especially since they may be using vulnerable software such as Microsoft's FrontPage which should not be installed on sensitive servers such as MOVEit DMZ.
WebPost Submissions from Forms Served by a Remote Secure Server
Hosting forms on a separate secure server will restore the "key" in the lower corner of your user's browser, but it will pop up a different forms submission is being retransmitted to another server message your users must answer correctly before really submitting the results of their form. Besides the "key" the advantage of this method is again the ease of integration into existing systems.
WebPost Submissions from Forms Served by the MOVEit DMZ Server
Hosting forms on the MOVEit DMZ server is the only option which will prevent your users from having to answer any "secure" or "redirect" message, and it also presents the secure key in the corner of their browser. The disadvantage of this method is that it is the hardest to integrate with existing websites.
Pointing Form Data to a MOVEit DMZ
MOVEit DMZ reads several fields from user-defined forms to figure out what to do with them. At a minimum, every form which points to MOVEit DMZ must have the following characteristics:
ACTION = "webpost.aspx": An "action" attribute in the "form" tag which points to a copy of "webpost.aspx" on the secure port of the MOVEit DMZ server. For example: <form method='POST' action='https://moveit.myhost.com/webpost.aspx'>
moveit_org field: A hidden field indicating the ID of the organization this form belongs to. For example: <input type='hidden' name='moveit_org' value='9876'>
moveit_foldername field: A hidden field indicating into which folder results from this form should be stored. For example: <input type='hidden' name='moveit_foldername' value='Marketing Survey'>
Optional fields:
moveit_email field: A normal "text" field into which the person filling out the survey will put his or her email address. When the form is submitted MOVEit DMZ will attempt to send an email "thank you" message to this address AS WELL AS logging the address in a normal "name/value pair" named "email."
moveit_additionalfoldernames: Can contain a semicolon-delimited list of additional foldernames that the form information will be posted to. An additional copy of the form information will be posted to each folder specified, and recipient notifications will be sent, based on the settings for that folder. Sender confirmation messages will not be sent, nor will the folder's response settings be used.
Some caveats:
The names of the tags MUST be spelled exactly as described above, but the names are NOT case-sensitive.
Form field names MUST NOT begin with a number. If a webpost is received with a field name that begins with a number, an error message will be displayed and the post rejected.
If the "moveit_org" tag is provided with an invalid value, the form will not be accepted.
If the "moveit_foldername" tag is provided with the name of a folder which does not exist, a new folder will be created to contain the results of the current post.
You may use JavaScript to screen the values of your fields before submitting the form.
In addition to the contents of the fields just submitted, MOVEit DMZ also logs the following information about each web post:
The IP address from which the form was submitted (i.e., "192.10.3.24")
The name (i.e., "Opera", "Netscape") and version (i.e., "5.5") of the browser used to submit the form
The time and date of the submission
The email address to which the "thank you" message was sent (if the "moveit_email" field is used)
Web Post Form HTML Code
When a webpost folder is viewed, a "cheat sheet" containing code you can cut and paste into your own web forms to get them to post data to this webpost folder is displayed at the bottom of the page.
MOVEit DMZ Form Post Response
By default, MOVEit DMZ reacts to the submission of a new web post by:
Creating a folder for the incoming web post if none exists.
Displaying to the user a generic thank you message that displays your "Banner Logo" (defined on the SETTINGS tab in the Logo and Colors section) and the tracking number of the form results just submitted.
Emailing the user the same generic "thank you" message if they filled out the MOVEit_email field. The format of the email (HTML or text) is determined by the current value of the organization-level Notification Format setting.
Redirecting the user to the "External URL" (defined on the Settings page in Appearance - Brand) after 10 seconds.
However, File Admins and Admins may customize the following behaviors:
The content of the message displayed/emailed when this form is submitted. This message can contain macros which will be resolved into their respective values. Available macros and their definitions are:
[TIME] - The date and time of the webpost submission.
[TRACKINGID] - The ID of the webpost file that was created from the submission data.
[ORGNAME] - The name of the organization the webpost was posted to.
In addition to these macros, any key/value pairs submitted by the post are also available in macro form. For example, if the form post contained a field with the name "name", the value submitted in that field will be available using the macro [name]. Note that this includes the email field that is added to the form data if a moveit_email field is received. As expected, this field can be accessed using a [email] macro.
The subject of the above message. Like the message body, this field supports the use of macros. All the macros available to the message body are also available to the subject.
The banner displayed when this form is submitted.
The URL to which users will be directed when this form is submitted.
The amount of time after which users will be directed to the URL when this form is submitted (Immediate is an option).
All of these behaviors are controlled in the Change Web Post Response... section on any webpost folder settings page.
Note: The Response Banner settings are separate from the other settings; you must press the Update Web Response Settings button to save the URL, Redirect or Message settings BEFORE working with the custom banner.)
