How to protecting the webfont files - Fabrizio Schiavi Design

How to protecting the webfonts files

To make impossible to link or to download the webfont files of your web site, please follow these instructions

1.

After uploaded the webfont files onto to your site www.example.com into a subdirectory called /fonts/ find or make a new file named .htaccess inside this directory and paste these lines into it:

RewriteEngine On RewriteCond %{HTTP:Origin} !^$|http(s)?://(www\.)?example\.(com|local)$ [NC] RewriteRule \.(woff|eot|ttf|woff2|svg)$ - [NC,L] RewriteCond %{HTTP_REFERER} !. RewriteRule \.(woff|eot|ttf|woff2|svg)$ - [F,NC,L] Options -Indexes

Replace example.com by your own host name. The dot must be preceded by a backslash. The regular expression (www\.)? means that both URLs with and without the ‘www’ prefix are valid for your site, and (s)? means that your site may be accessed via HTTPS or plain HTTP.

Requests for all files ending in .woff or .eot with an origin HTTP header (i. e. request coming from a site other than your own) or an empty referrer will now receive an HTTP error 403 (‘forbidden’). The line Options -Indexes disables the file listing for the fonts directory.

If you get an HTTP error 500 (‘internal server error’) after editing the .htaccess file or if the file has no effect, your server probably does not allow changing configuration settings this way. In case you can’t or don’t want to use an .htaccess file, you can put these lines directly into your Apache configuration. Please refer to the server documentation if you’re not sure where to put them exactly.

If you are using Internet Information Server, you can convert the above configuration from Apache-style to IIS rewrite rules. See Importing Apache mod_rewrite Rules for details.

There are circumstances in which referrer information is not sent when it should be, e. g. if a website visitor uses certain ad-blocking plug-ins. In this rare case the above configuration will cause fallback fonts to be displayed instead of your specified webfonts.

2.

Another way to avoid hotlinking in CloudFlare put the font files in a directory named hotlink-ok

3.

To avoid the font files download change the permission of the font files directory of your site from 755 to 700.

You can do this using control panel of the hosting of your site or ftp apps like FileZilla.

Cookie	Duration	Description
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
disqus_unique	1 year	Set to record internal statistics for anonymous visitors.

Cookie	Duration	Description
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
m	2 years	No description available.
wp_woocommerce_session_dcaab213aa96d962dc975aa5fc3b30c8	2 days	No description