We have an on-premise installation of campaign and have a whitelist set up on the load balancer so only select ip addresses get to log in and use it. The approach however, prevents webapps from being publicly accessible. Is there a way for us to safely expose the /webapps easily or is this more an OPS/IT question rather campaign? I can only think off setting up Apache with modproxy on some box who's ip has been whitelisted on the elb. Anyone got a similar set up? How would the open/link tracking have gone through if this was the case?