Domain Lock

Potency: Medium
Resilience: Medium
Cost: Medium
Tags: domain, lock, IP, code lock

Description

Domain Lock locks code to a specific domain name or IP address. This is a good transformation to avoid someone stealing the protected code and running it on their own domain or locally. This is also a good transformation to enforce license agreements. Countermeasures can be specified (optionally) to be executed when the code runs in any other domain/IP.

Consider combining this transformation with obfuscation transformations to harden the resulting code, making it more resilient to automated de-obfuscator tools and harder for a human to understand. You may also find it useful to combine this transformation with other locks:

Input Examples

  • mywebsite.com - Code will break if not running inside the mywebsite.com domain
  • mywebsite.com, www.mywebsite.com - Code will break if not running inside either mywebsite.com or www.mywebsite.com
  • *.mywebsite.com - Code will break if not running inside one of its sub-domains
  • ?.mywebsite.com - Code will break if not running inside mywebsite.com or one of its sub-domains
  • 192.168.* - Code will break if not running on an IP address inside the 192.168. network
  • file://Users/you/* - Code will break if not running inside your user directory
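
The pattern rules listed above, written out as an added JavaScript sketch for checking which hosts a domains list would permit before protecting a build. This is not Jscrambler's implementation: the function names (isIPv4, matches, allowedHosts) are hypothetical, "*." is assumed to match sub-domains at any depth, and IP patterns are assumed to match only dotted-quad IPv4 targets.

```javascript
// Added illustration of the pattern rules listed above. NOT Jscrambler's matcher.
// Assumptions: "*." matches sub-domains at any depth; IP patterns match only
// dotted-quad IPv4 targets. All function names here are hypothetical.

function isIPv4(s) {
  const parts = s.split('.');
  return parts.length === 4 &&
    parts.every((x) => /^\d{1,3}$/.test(x) && Number(x) <= 255);
}

function matches(pattern, target) {
  const p = pattern.trim();
  if (p.startsWith('file://')) {
    // Path patterns: prefix match when the pattern ends in "*", case preserved.
    return p.endsWith('*') ? target.startsWith(p.slice(0, -1)) : target === p;
  }
  // Host names are case-insensitive; drop the trailing dot of an FQDN.
  const host = target.trim().toLowerCase().replace(/\.$/, '');
  const pat = p.toLowerCase();
  if (/^[\d.]+\*$/.test(pat)) {
    // "192.168.*": require a real IPv4 address so that a host NAME such as
    // "192.168.example.org" does not pass a plain string-prefix comparison.
    return isIPv4(host) && host.startsWith(pat.slice(0, -1));
  }
  const wildcard = pat.startsWith('*.') || pat.startsWith('?.');
  const base = wildcard ? pat.slice(2) : pat;
  // The leading "." stops look-alikes such as "notmywebsite.com".
  const isSub = host.endsWith('.' + base) && host.length > base.length + 1;
  if (pat.startsWith('*.')) return isSub;                  // sub-domains only
  if (pat.startsWith('?.')) return host === base || isSub; // apex or sub-domain
  return host === pat;                                     // exact name only
}

// Which of the candidate hosts does a "domains" list permit?
function allowedHosts(patterns, candidates) {
  return candidates.filter((c) => patterns.some((p) => matches(p, c)));
}

// Constructed sample hosts, checked against patterns taken from the list above.
const sampleHosts = ['mywebsite.com', 'www.mywebsite.com', 'cdn.eu.mywebsite.com',
  'notmywebsite.com', '192.168.1.10', '192.168.example.org', '10.0.0.1'];
for (const pattern of ['mywebsite.com', '*.mywebsite.com', '?.mywebsite.com', '192.168.*']) {
  console.log(pattern.padEnd(18), '->', allowedHosts([pattern], sampleHosts).join(', '));
}
```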

Code Annotation Example

// @jscrambler define domainLock {domains: [example.com], countermeasures: {breakApplication: 1, customCallback: report.callbackFunction}} as dl1
// @jscrambler enable dl1

Option Types

| Name | Required | Default Value | Description |
| --- | --- | --- | --- |
| domains | Yes | N/A | List of domains/IPs where the code is allowed to run (Supports wildcard to match sub-domains, IP network, and IP host range). |
| countermeasures | Yes | {"deleteCookies": false,"breakApplication": true,"realTimeNotifications": false,"dataExfiltrationPrevention": false,"selfDestruct": false} | List of available countermeasures |

Countermeasures

| Name | Description |
| --- | --- |
| customCallback | Name of the function to be called as a countermeasure. |
| deleteCookies | Deletes all the cookies accessible via JavaScript. |
| redirect | Redirects the user to a specific URL. |
| breakApplication | Breaks the application's functionality. |
| realTimeNotifications | Sends a notification when a violation occurs. |
| dataExfiltrationPrevention | Prevents a malicious actor from carrying out an unauthorized data transfer by blocking network requests. |
| selfDestruct | Attempts to damage the state and behavior of the application and/or the environment that is running the application. |

Browser Compatibility

| Browser | Compatible Versions | Tested Versions | Notes |
| --- | --- | --- | --- |
| Chrome | 80+ | 80+ | |
| Firefox | 90+ | 90+ | |
| Internet Explorer | 9+ | 8+ | |
| Microsoft Edge | 116+ | 116+ | |
| Safari | 13.1+ | 13.1+ | |

API Parameters

Example:

{
  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  },
  "applicationId": "ZZZZZZ",
  "params": [
    {
      "name": "domainLock",
      "options": {
        "domains": [
          "VALUE1",
          "VALUE2"
        ],
        "countermeasures": {
          "customCallback": null,
          "deleteCookies": false,
          "redirect": null,
          "breakApplication": true,
          "realTimeNotifications": false,
          "dataExfiltrationPrevention": false,
          "selfDestruct": false
        }
      }
    }
  ]
}