Tips, News and Comments on HTML Guard


January 21st, 2010, by Andreas

HTML Guard 3.2.0

I’m pleased to announce the release of HTML Guard Version 3.2.0. This update is free for all registered users of the previous 3.x versions. To upgrade, just download and install the setup file from here.

Additional “Page-napping” Settings

The program now lets you specify exactly what you want to happen when it restricts your page from being framed or used by another website.

You can either provide text to be displayed in a message box, or you may enter some JavaScript code that will be executed by the browser.

Integrated Crash Reporter

Another addition to HTML Guard is a function for sending bug reports when errors crash the program.

I really hope you never have to deal with this function!

Full Release Notes

A detailed list of changes is included as part of HTML Guard’s help file and is available here.

December 20th, 2009, by Andreas

Happy Holidays …

… and Best Wishes for the New Year!

Happy New Year 2010

November 23rd, 2009, by Andreas

Password-Protection with .htaccess

When surfing the web, you may have come across web pages that prompt you to provide a username and password with a dialog box like the one below:

.htaccess Password Protection

Implementing this kind of password protection is actually fairly easy and requires only a few steps:

  1. Create a text file (usually named “.htpasswd”) which stores the allowed usernames and passwords.
  2. Insert a few lines of code to an “.htaccess” file (which I introduced in my last article).

.htpasswd File

A typical “.htpasswd” file looks like this:

john:hjEnaBHSVih/2
jane:nwFprWeMvftDc

Each line in the file contains a username and an encrypted password separated by a colon. To create your own password entries, you can use this simple .htpasswd generator.

The .htpasswd file should be uploaded to a directory that is not accessible to web surfers (such as the protected directory or the directory above your www root folder). When uploading the file, be sure to use ASCII mode (rather than binary mode).

.htaccess File

The .htaccess file should contain the following code:

AuthName "Restricted Directory"
AuthType Basic
AuthUserFile /user/home/www/directory/.htpasswd
AuthGroupFile /dev/null
require valid-user

Make sure that the path specified in the “AuthUserFile” directive points to the .htpasswd file on your web server. Upload the edited file into the directory you want to protect.

November 7th, 2009, by Andreas

Introducing .htaccess

In this article, I will introduce you to .htaccess, a simple configuration file that lets you control many aspects of your web server. This article is intended to serve as a reference for upcoming posts that will explore how to use .htaccess for content protection.

What is an .htaccess File?

.htaccess IntroductionAn .htaccess file is a plain text file that allows you to make changes to the configuration of your web server. When placing the file in a particular directory, the configuration directives contained therein are applied to that directory and all its subdirectories.

Although .htaccess files can be used on many different web servers (most commonly Apache), your hosting company might restrict certain directives or block the use of .htaccess completely. If you are not certain whether configuration via .htaccess is available on your server, you should simply ask your web host.

Common Usages of .htaccess

There are a huge variety of things you are able to do with .htaccess, including:

  • Password protect folders
  • Redirect file requests to a new location
  • Ban users with certain IP addresses
  • Block downloads from foreign domains
  • Stop directory listings
  • Control how web pages are cached
  • Provide custom error pages

Creating Your own .htaccess File

All you need to create an .htaccess file is a simple text file editor. Just open Notepad, or any other editor, type the required code and save the file, calling it exactly “.htaccess” (without the quotation marks). If Notepad doesn’t let you save the file without adding the file extension “.txt”, make sure “All Files” is selected in the “Save as type” drop-down menu. If that still doesn’t work, you can click here to download a blank .htaccess file with which to start.

After your file is ready, you must upload it to your web server using an FTP program like FileZilla or WinSCP. Because the .htaccess file is read on every single request, the directives found in the file will take effect immediately and don’t require a server reset.

Conclusion

.htaccess files are a very useful tool in web design and server administration. In the following articles, I will provide you with detailed examples of how to make use of the manifold possibilities of the .htaccess file.

October 1st, 2009, by Andreas

HTML Guard Version 3.1.0 Released

I’m pleased to announce that today we are releasing version 3.1.0 of HTML Guard. Two of the most notable new features are detailed below, while the full list of changes is available here.

JavaScript Code Compression

With this new version of HTML Guard, you can compress the JavaScript code in your web pages. This makes the code less readable for others and reduces the time necessary to download the page content.

HTML Guard - Compress Javascript Code

For example, when you let HTML Guard compress the anti-right click code presented in a previous article, the program will cut the code down from 39 lines to the following:

<script language="JavaScript" type="text/javascript"><!--
var onlyOnImages=false;var isIE5=document.all&&document.getElementById;
var isMoz=!isIE5&&document.getElementById;function cancelContextMenu(e){
return false;}function onContextMenu(e){if(!onlyOnImages||(isIE5&&
event.srcElement.tagName=="IMG")||(IsMoz&&e.target.tagName=="IMG")){
return cancelContextMenu(e);}}if(document.getElementById){
document.oncontextmenu=onContextMenu;}
--></script>

Backup to Zip

Another new feature in HTML Guard Version 3.1.0 is the ability to store backup copies in a zip file.

HTML Guard - Zip Backup

Zip compression helps save storage space and keeps all your backup files in a single archive.

HTML Guard - Zip Backup Sample File

September 11th, 2009, by Andreas

About HTML Source Code Encryption

What Is HTML Encryption?

One major reason for the success of the World Wide Web is undeniably the openness of HTML. HTML files are basically plain text documents, meaning software applications and human users can easily create, read, and update web pages. The open nature of HTML not only allows users to edit websites with nothing more than a simple text editor, it also enables search engines to spider the web and forms the basis for a wide range of web-related applications for any platform you can imagine.

However, as a web designer or website owner you may encounter situations in which you feel a need for protecting your HTML, CSS or JavaScript code from being viewed and reused – for example, when you want to:

  • keep spam robots from harvesting email addresses from your pages.
  • safely email a website design preview to a customer before payment receipt.
  • stop competitors from studying and borrowing your fancy, hand-crafted JavaScript code.
  • prevent search engines from indexing and caching the phone number(s) listed on your contact page.
  • keep automated downloaders like WebZip or Teleport from copying your entire website.
  • bypass content filters imposed by companies, service providers, or governments.

In these situations HTML encryption is a viable option.

How It Works

HTML encryption/decryption techniques are based on JavaScript. The encrypted HTML code, which is saved inside the HTML document, is decrypted at runtime through JavaScript and written directly into the browser window using the document.write(…) function. This ensures that any JavaScript-enabled web browser can load and display the pages without additional components or plugins.

Any Drawbacks? How Secure Is This?

The following drawbacks should be considered before applying HTML encryption to your code:

  • Only users with JavaScript enabled in their browser will be able to view the pages.
  • Encrypted code cannot be analyzed by Google, which may hurt your search engine rankings.
  • The necessary decryption processing may slow down the page loading (although with modern high-speed computers, this is not really an issue).

In regard to security, you shouldn’t expect too much of HTML encryption. As the decryption algorithm is embedded into the pages, anyone with enough JavaScript knowledge and a bit of time can reverse engineer the code. Additionally, there are browser extensions available that can display the rendered (= decrypted) source code of the currently loaded web page. Nevertheless, the obfuscated code should be “Greek” to most users, therefore providing a certain degree of protection against illegal copying.

Encryption Methods

There are several different ways of encrypting/decrypting HTML pages via JavaScript, some of which I will describe here.

Escape Method

An easy way to obscure HTML code is to replace its characters with escape codes. Escape codes consist of a % sign followed by a hexadecimal representation of the character. For example, the letter A becomes code %41, where 41 is the hexadecimal form of the decimal number 65, which in turn is the ASCII representation of a capital A.

As the JavaScript language includes an unescape() function for decoding escape sequences, no special decryption algorithm is required. So, if you want the browser to output your escaped code, you could do something like:

document.write(unescape("%48%61%6C%6C%6F%20%57%65%6C%74%21"));

(Output: “Hello World!”)

To escape your own code you may use the this page.

Rot13 Method

Rot13 is a method of text obfuscation in which every character is replaced with the character that is 13 places away in the Latin alphabet. It is rumored that this method of encryption was invented by Julius Caesar to send coded messages to his generals.

The following script provides a very comprehensive JavaScript implementation of the Rot13 algorithm:

function rot13(input) {
  return input.replace(/[a-zA-Z]/g,
    function(ch) {
      return String.fromCharCode((ch <= "Z" ? 90 : 122) >=
        (ch = ch.charCodeAt(0) + 13) ? ch : ch - 26);
  });
}

Using the above rot13() function the following code outputs “Hello World!” to the browser window:

document.write(rot13("Uryyb Jbeyq!"));

To obfuscate your own code with Rot13 please visit this page.

Base64 Method

Base64 is a way of encoding arbitrary text into a sequence of printable ASCII characters. The 64 characters within the Base64 alphabet are A-Z, a-z, 0-9, + and /. More details on the functions and uses of Base64 can be found in the corresponding Wikipedia article.

A simple JavaScript function for Base64 decoding can be found below:

function decode64(input) {
  var base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef" +
    "ghijklmnopqrstuvwxyz0123456789+/=";
  var output = "";
  var ch1, ch2, ch3, enc1, enc2, enc3, enc4;
  var i = 0;
 
  input = input.replace(/[^A-Za-z0-9\+\/\=]/g, "");
  do {
    enc1 = base64.indexOf(input.charAt(i++));
    enc2 = base64.indexOf(input.charAt(i++));
    enc3 = base64.indexOf(input.charAt(i++));
    enc4 = base64.indexOf(input.charAt(i++));
 
    ch1 = (enc1 << 2) | (enc2 >> 4);
    ch2 = ((enc2 & 15) << 4) | (enc3 >> 2);
    ch3 = ((enc3 & 3) << 6) | enc4;
 
    output = output + String.fromCharCode(ch1);
 
    if (enc3 != 64) output = output + String.fromCharCode(ch2);
    if (enc4 != 64) output = output + String.fromCharCode(ch3);
 
    ch1 = ch2 = ch3 = "";
    enc1 = enc2 = enc3 = enc4 = "";
 
  } while (i < input.length);
 
  return output;
}

The following line of code uses the decode64() function to write “Hello World!” to the browser:

document.write(decode64("SGVsbG8gV29ybGQh"));

A form for encoding your own code with Base64 can be found here.

Encrypting Web Pages with HTML Guard

A very easy and painless way to encrypt HTML documents is to use HTML Guard, our software solution for protecting web pages from code and content theft. HTML Guard allows you to choose the parts of your web pages you want to encrypt and lets you process hundreds or thousands of files at the touch of a button. Furthermore, the obfuscation and protection techniques used by HTML Guard are much more sophisticated than the ones presented here. For instance, each processed HTML page is encrypted with a different key and uses different variable names in the JavaScript code, which makes the encryption more difficult to break.

« Older Entries
Newer Entries »