0
I am trying to figure out how to deny access of a font on a website from external access.
This means the user should be denied if they point their browser to the url
While still allowing the css url() function to load it... I'm hosting the site on hostmonster, so I can only change the .htaccess file...
Thanks...
Luke San Antonio Bialecki
Posted 2013-02-19T02:16:48.083
Reputation: 125
1
This isn't impossible to work around, but accessing a file directly that forms part of your site is called "hotlinking", and you can block it in .htaccess by checking the referer of the call. If the person is viewing your site when they request the file, their referer should be your website address. It is pretty easy to circumvent, but should prevent casual downloading.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(woff|ttf)$ - [F]
So this is saying, If the referrer is not empty, and does not contain my website address, then respond to any attempts to download a file ending in .woff or .ttf with a 403 Forbidden error.
You'll want to change the domain to match your own, and make sure the font suffixes you use are present.
Paul
Posted 2013-02-19T02:16:48.083
Reputation: 52 173
hmpf, this is exactly what I wanted, thanks... – Luke San Antonio Bialecki – 2013-02-19T03:17:31.497
This isn't possible. In order for a user to display a font, they need to download it to their machine. If you block the font from being downloaded, then the css url() function will not work. Remember that everything happens in the browser when it comes to rendering. – Paul – 2013-02-19T02:18:42.107
I see. I do understand that, I was hoping though, that there would be a possibility to restrict at least the superficial download, which is with a direct url... Thanks though, post an answer and I will accept it... – Luke San Antonio Bialecki – 2013-02-19T02:20:57.330
Ok, you could try hotlink prevention, see my answer below. – Paul – 2013-02-19T03:08:22.787