The goal is to prevent the casual visitor from typing the path of the
file “font.otf” into a browser and downloading it. I’m not expecting
an airtight solution but any extra blocks (however easily beaten)
would be good.
Directory structure:
resources
image.png
fonts
.htaccess
font.otf
Blocking access to the “fonts” directory or that specific file is
easy, the problem is it also prevents the file from being rendered in
the browser. What I’ve been unable to learn is if it’s possible, using
mod_rewrite, to prevent someone from downloading the file (by typing
in the path) while still keeping the file accessible for inclusion in
the rendered page?
I started going over the Apache docs last night and have tried several
examples but in the end the file ,while not accessible for
downloading, is blocked across the board. Am I way off the mark in
thinking something like this is even possible?
If I’m reading this correctly, it will send a 403 to any request for a
file within that directory that does not originate from your domain.
Since your page requests the font file (the visitor doesn’t request it
directly) I believe this might work. It’s how images work, and I found
out quite a lot about image requests while building FreeCounter.
Walter
On Mar 15, 2010, at 5:29 PM, Todd wrote:
The goal is to prevent the casual visitor from typing the path of
the file “font.otf” into a browser and downloading it. I’m not
expecting an airtight solution but any extra blocks (however easily
beaten) would be good.
Directory structure:
resources
image.png
fonts
.htaccess
font.otf
Blocking access to the “fonts” directory or that specific file is
easy, the problem is it also prevents the file from being rendered
in the browser. What I’ve been unable to learn is if it’s possible,
using mod_rewrite, to prevent someone from downloading the file (by
typing in the path) while still keeping the file accessible for
inclusion in the rendered page?
I started going over the Apache docs last night and have tried
several examples but in the end the file ,while not accessible for
downloading, is blocked across the board. Am I way off the mark in
thinking something like this is even possible?
If I’m reading this correctly, it will send a 403 to any request for
a file within that directory that does not originate from your
domain. Since your page requests the font file (the visitor doesn’t
request it directly) I believe this might work. It’s how images
work, and I found out quite a lot about image requests while
building FreeCounter.
Walter
On Mar 15, 2010, at 5:29 PM, Todd wrote:
The goal is to prevent the casual visitor from typing the path of
the file “font.otf” into a browser and downloading it. I’m not
expecting an airtight solution but any extra blocks (however easily
beaten) would be good.
Directory structure:
resources
image.png
fonts
.htaccess
font.otf
Blocking access to the “fonts” directory or that specific file is
easy, the problem is it also prevents the file from being rendered
in the browser. What I’ve been unable to learn is if it’s possible,
using mod_rewrite, to prevent someone from downloading the file (by
typing in the path) while still keeping the file accessible for
inclusion in the rendered page?
I started going over the Apache docs last night and have tried
several examples but in the end the file ,while not accessible for
downloading, is blocked across the board. Am I way off the mark in
thinking something like this is even possible?
That’s strange. Do you have access to your raw server logs on that
machine? It would be instructive to see what the actual hits for the
font file look like. I’m guessing they are 200 status, but what else
is in them? Is the referer being set and populated to your server’s
address? Or maybe that only happens on cross-domain requests.
Walter
On Mar 15, 2010, at 5:49 PM, Todd wrote:
Yeah, I tried that last night with the usual result: File blocked
but also not rendered.
T.
On Mar 15, 2010, at 4:42 PM, Walter Lee Davis wrote:
If I’m reading this correctly, it will send a 403 to any request
for a file within that directory that does not originate from your
domain. Since your page requests the font file (the visitor doesn’t
request it directly) I believe this might work. It’s how images
work, and I found out quite a lot about image requests while
building FreeCounter.
Walter
On Mar 15, 2010, at 5:29 PM, Todd wrote:
The goal is to prevent the casual visitor from typing the path of
the file “font.otf” into a browser and downloading it. I’m not
expecting an airtight solution but any extra blocks (however
easily beaten) would be good.
Directory structure:
resources
image.png
fonts
.htaccess
font.otf
Blocking access to the “fonts” directory or that specific file is
easy, the problem is it also prevents the file from being rendered
in the browser. What I’ve been unable to learn is if it’s
possible, using mod_rewrite, to prevent someone from downloading
the file (by typing in the path) while still keeping the file
accessible for inclusion in the rendered page?
I started going over the Apache docs last night and have tried
several examples but in the end the file ,while not accessible for
downloading, is blocked across the board. Am I way off the mark in
thinking something like this is even possible?
On the remote server I don’t believe I have access to those logs but
locally I’m running/testing the site under MAMP so would those logs be
present? This is an area I’m not familiar with so it may be a dumb
question.
Todd
On Mar 15, 2010, at 5:05 PM, Walter Lee Davis wrote:
That’s strange. Do you have access to your raw server logs on that
machine? It would be instructive to see what the actual hits for the
font file look like. I’m guessing they are 200 status, but what else
is in them? Is the referer being set and populated to your server’s
address? Or maybe that only happens on cross-domain requests.
Walter
On Mar 15, 2010, at 5:49 PM, Todd wrote:
Yeah, I tried that last night with the usual result: File blocked
but also not rendered.
T.
On Mar 15, 2010, at 4:42 PM, Walter Lee Davis wrote:
If I’m reading this correctly, it will send a 403 to any request
for a file within that directory that does not originate from your
domain. Since your page requests the font file (the visitor
doesn’t request it directly) I believe this might work. It’s how
images work, and I found out quite a lot about image requests
while building FreeCounter.
Walter
On Mar 15, 2010, at 5:29 PM, Todd wrote:
The goal is to prevent the casual visitor from typing the path of
the file “font.otf” into a browser and downloading it. I’m not
expecting an airtight solution but any extra blocks (however
easily beaten) would be good.
Directory structure:
resources
image.png
fonts
.htaccess
font.otf
Blocking access to the “fonts” directory or that specific file is
easy, the problem is it also prevents the file from being
rendered in the browser. What I’ve been unable to learn is if
it’s possible, using mod_rewrite, to prevent someone from
downloading the file (by typing in the path) while still keeping
the file accessible for inclusion in the rendered page?
I started going over the Apache docs last night and have tried
several examples but in the end the file ,while not accessible
for downloading, is blocked across the board. Am I way off the
mark in thinking something like this is even possible?
Try looking around in your MAMP environment folder for the var/logs
folder, or similar. You want a file called access.log, in the same
folder as a bunch of numbered versions of that file, along with
error.log and its cousins.
Walter
On Mar 15, 2010, at 8:26 PM, Todd wrote:
On the remote server I don’t believe I have access to those logs but
locally I’m running/testing the site under MAMP so would those logs
be present? This is an area I’m not familiar with so it may be a
dumb question.
Todd
On Mar 15, 2010, at 5:05 PM, Walter Lee Davis wrote:
That’s strange. Do you have access to your raw server logs on that
machine? It would be instructive to see what the actual hits for
the font file look like. I’m guessing they are 200 status, but what
else is in them? Is the referer being set and populated to your
server’s address? Or maybe that only happens on cross-domain
requests.
Walter
On Mar 15, 2010, at 5:49 PM, Todd wrote:
Yeah, I tried that last night with the usual result: File blocked
but also not rendered.
T.
On Mar 15, 2010, at 4:42 PM, Walter Lee Davis wrote:
If I’m reading this correctly, it will send a 403 to any request
for a file within that directory that does not originate from
your domain. Since your page requests the font file (the visitor
doesn’t request it directly) I believe this might work. It’s how
images work, and I found out quite a lot about image requests
while building FreeCounter.
Walter
On Mar 15, 2010, at 5:29 PM, Todd wrote:
The goal is to prevent the casual visitor from typing the path
of the file “font.otf” into a browser and downloading it. I’m
not expecting an airtight solution but any extra blocks (however
easily beaten) would be good.
Directory structure:
resources
image.png
fonts
.htaccess
font.otf
Blocking access to the “fonts” directory or that specific file
is easy, the problem is it also prevents the file from being
rendered in the browser. What I’ve been unable to learn is if
it’s possible, using mod_rewrite, to prevent someone from
downloading the file (by typing in the path) while still keeping
the file accessible for inclusion in the rendered page?
I started going over the Apache docs last night and have tried
several examples but in the end the file ,while not accessible
for downloading, is blocked across the board. Am I way off the
mark in thinking something like this is even possible?
I see 4 error .log files: apache_error.log, mysql_error.log,
php_error.log, mysql_error.err but no access.log.
T.
On Mar 15, 2010, at 8:36 PM, Walter Lee Davis wrote:
Try looking around in your MAMP environment folder for the var/logs
folder, or similar. You want a file called access.log, in the same
folder as a bunch of numbered versions of that file, along with
error.log and its cousins.
Walter
On Mar 15, 2010, at 8:26 PM, Todd wrote:
On the remote server I don’t believe I have access to those logs
but locally I’m running/testing the site under MAMP so would those
logs be present? This is an area I’m not familiar with so it may be
a dumb question.
Todd
On Mar 15, 2010, at 5:05 PM, Walter Lee Davis wrote:
That’s strange. Do you have access to your raw server logs on that
machine? It would be instructive to see what the actual hits for
the font file look like. I’m guessing they are 200 status, but
what else is in them? Is the referer being set and populated to
your server’s address? Or maybe that only happens on cross-domain
requests.
Walter
On Mar 15, 2010, at 5:49 PM, Todd wrote:
Yeah, I tried that last night with the usual result: File blocked
but also not rendered.
T.
On Mar 15, 2010, at 4:42 PM, Walter Lee Davis wrote:
If I’m reading this correctly, it will send a 403 to any request
for a file within that directory that does not originate from
your domain. Since your page requests the font file (the visitor
doesn’t request it directly) I believe this might work. It’s how
images work, and I found out quite a lot about image requests
while building FreeCounter.
Walter
On Mar 15, 2010, at 5:29 PM, Todd wrote:
The goal is to prevent the casual visitor from typing the path
of the file “font.otf” into a browser and downloading it. I’m
not expecting an airtight solution but any extra blocks
(however easily beaten) would be good.
Directory structure:
resources
image.png
fonts
.htaccess
font.otf
Blocking access to the “fonts” directory or that specific file
is easy, the problem is it also prevents the file from being
rendered in the browser. What I’ve been unable to learn is if
it’s possible, using mod_rewrite, to prevent someone from
downloading the file (by typing in the path) while still
keeping the file accessible for inclusion in the rendered page?
I started going over the Apache docs last night and have tried
several examples but in the end the file ,while not accessible
for downloading, is blocked across the board. Am I way off the
mark in thinking something like this is even possible?
I’ve never used MAMP, so I’m not sure where it puts this stuff. What
version of Apache are you running?
Walter
On Mar 15, 2010, at 10:12 PM, Todd wrote:
I see 4 error .log files: apache_error.log, mysql_error.log,
php_error.log, mysql_error.err but no access.log.
T.
On Mar 15, 2010, at 8:36 PM, Walter Lee Davis wrote:
Try looking around in your MAMP environment folder for the var/logs
folder, or similar. You want a file called access.log, in the same
folder as a bunch of numbered versions of that file, along with
error.log and its cousins.
Walter
On Mar 15, 2010, at 8:26 PM, Todd wrote:
On the remote server I don’t believe I have access to those logs
but locally I’m running/testing the site under MAMP so would those
logs be present? This is an area I’m not familiar with so it may
be a dumb question.
Todd
On Mar 15, 2010, at 5:05 PM, Walter Lee Davis wrote:
That’s strange. Do you have access to your raw server logs on
that machine? It would be instructive to see what the actual hits
for the font file look like. I’m guessing they are 200 status,
but what else is in them? Is the referer being set and populated
to your server’s address? Or maybe that only happens on cross-
domain requests.
Walter
On Mar 15, 2010, at 5:49 PM, Todd wrote:
Yeah, I tried that last night with the usual result: File
blocked but also not rendered.
T.
On Mar 15, 2010, at 4:42 PM, Walter Lee Davis wrote:
If I’m reading this correctly, it will send a 403 to any
request for a file within that directory that does not
originate from your domain. Since your page requests the font
file (the visitor doesn’t request it directly) I believe this
might work. It’s how images work, and I found out quite a lot
about image requests while building FreeCounter.
Walter
On Mar 15, 2010, at 5:29 PM, Todd wrote:
The goal is to prevent the casual visitor from typing the path
of the file “font.otf” into a browser and downloading it. I’m
not expecting an airtight solution but any extra blocks
(however easily beaten) would be good.
Directory structure:
resources
image.png
fonts
.htaccess
font.otf
Blocking access to the “fonts” directory or that specific file
is easy, the problem is it also prevents the file from being
rendered in the browser. What I’ve been unable to learn is if
it’s possible, using mod_rewrite, to prevent someone from
downloading the file (by typing in the path) while still
keeping the file accessible for inclusion in the rendered page?
I started going over the Apache docs last night and have tried
several examples but in the end the file ,while not accessible
for downloading, is blocked across the board. Am I way off the
mark in thinking something like this is even possible?
Sorry, I had the filename wrong, it’s access_log and error_log, not
with dots. That’s with Apache 2.
Walter
On Mar 15, 2010, at 10:29 PM, Walter Lee Davis wrote:
I’ve never used MAMP, so I’m not sure where it puts this stuff. What
version of Apache are you running?
Walter
On Mar 15, 2010, at 10:12 PM, Todd wrote:
I see 4 error .log files: apache_error.log, mysql_error.log,
php_error.log, mysql_error.err but no access.log.
T.
On Mar 15, 2010, at 8:36 PM, Walter Lee Davis wrote:
Try looking around in your MAMP environment folder for the var/
logs folder, or similar. You want a file called access.log, in the
same folder as a bunch of numbered versions of that file, along
with error.log and its cousins.
Walter
On Mar 15, 2010, at 8:26 PM, Todd wrote:
On the remote server I don’t believe I have access to those logs
but locally I’m running/testing the site under MAMP so would
those logs be present? This is an area I’m not familiar with so
it may be a dumb question.
Todd
On Mar 15, 2010, at 5:05 PM, Walter Lee Davis wrote:
That’s strange. Do you have access to your raw server logs on
that machine? It would be instructive to see what the actual
hits for the font file look like. I’m guessing they are 200
status, but what else is in them? Is the referer being set and
populated to your server’s address? Or maybe that only happens
on cross-domain requests.
Walter
On Mar 15, 2010, at 5:49 PM, Todd wrote:
Yeah, I tried that last night with the usual result: File
blocked but also not rendered.
T.
On Mar 15, 2010, at 4:42 PM, Walter Lee Davis wrote:
If I’m reading this correctly, it will send a 403 to any
request for a file within that directory that does not
originate from your domain. Since your page requests the font
file (the visitor doesn’t request it directly) I believe this
might work. It’s how images work, and I found out quite a lot
about image requests while building FreeCounter.
Walter
On Mar 15, 2010, at 5:29 PM, Todd wrote:
The goal is to prevent the casual visitor from typing the
path of the file “font.otf” into a browser and downloading
it. I’m not expecting an airtight solution but any extra
blocks (however easily beaten) would be good.
Directory structure:
resources
image.png
fonts
.htaccess
font.otf
Blocking access to the “fonts” directory or that specific
file is easy, the problem is it also prevents the file from
being rendered in the browser. What I’ve been unable to learn
is if it’s possible, using mod_rewrite, to prevent someone
from downloading the file (by typing in the path) while still
keeping the file accessible for inclusion in the rendered page?
I started going over the Apache docs last night and have
tried several examples but in the end the file ,while not
accessible for downloading, is blocked across the board. Am I
way off the mark in thinking something like this is even
possible?
My mistake too, I used dots instead of underscores in the file names.
Should be apache_error_log, etc. Still can’t find the access_log.
Using Apache v 2.2.13
Is the access_log a required Apache file, generally speaking, or can
things run without it. Curious.
T.
On Mar 15, 2010, at 9:33 PM, Walter Lee Davis wrote:
Sorry, I had the filename wrong, it’s access_log and error_log, not
with dots. That’s with Apache 2.
Walter
On Mar 15, 2010, at 10:29 PM, Walter Lee Davis wrote:
I’ve never used MAMP, so I’m not sure where it puts this stuff.
What version of Apache are you running?
Walter
On Mar 15, 2010, at 10:12 PM, Todd wrote:
I see 4 error .log files: apache_error.log, mysql_error.log,
php_error.log, mysql_error.err but no access.log.
T.
On Mar 15, 2010, at 8:36 PM, Walter Lee Davis wrote:
Try looking around in your MAMP environment folder for the var/
logs folder, or similar. You want a file called access.log, in
the same folder as a bunch of numbered versions of that file,
along with error.log and its cousins.
Walter
On Mar 15, 2010, at 8:26 PM, Todd wrote:
On the remote server I don’t believe I have access to those logs
but locally I’m running/testing the site under MAMP so would
those logs be present? This is an area I’m not familiar with so
it may be a dumb question.
Todd
On Mar 15, 2010, at 5:05 PM, Walter Lee Davis wrote:
That’s strange. Do you have access to your raw server logs on
that machine? It would be instructive to see what the actual
hits for the font file look like. I’m guessing they are 200
status, but what else is in them? Is the referer being set and
populated to your server’s address? Or maybe that only happens
on cross-domain requests.
Walter
On Mar 15, 2010, at 5:49 PM, Todd wrote:
Yeah, I tried that last night with the usual result: File
blocked but also not rendered.
T.
On Mar 15, 2010, at 4:42 PM, Walter Lee Davis wrote:
If I’m reading this correctly, it will send a 403 to any
request for a file within that directory that does not
originate from your domain. Since your page requests the font
file (the visitor doesn’t request it directly) I believe this
might work. It’s how images work, and I found out quite a lot
about image requests while building FreeCounter.
Walter
On Mar 15, 2010, at 5:29 PM, Todd wrote:
The goal is to prevent the casual visitor from typing the
path of the file “font.otf” into a browser and downloading
it. I’m not expecting an airtight solution but any extra
blocks (however easily beaten) would be good.
Directory structure:
resources
image.png
fonts
.htaccess
font.otf
Blocking access to the “fonts” directory or that specific
file is easy, the problem is it also prevents the file from
being rendered in the browser. What I’ve been unable to
learn is if it’s possible, using mod_rewrite, to prevent
someone from downloading the file (by typing in the path)
while still keeping the file accessible for inclusion in the
rendered page?
I started going over the Apache docs last night and have
tried several examples but in the end the file ,while not
accessible for downloading, is blocked across the board. Am
I way off the mark in thinking something like this is even
possible?
I imagine you could configure Apache to not log access, and then you
wouldn’t need it. Never heard of anyone doing that.
Walter
On Mar 15, 2010, at 10:41 PM, Todd wrote:
My mistake too, I used dots instead of underscores in the file
names. Should be apache_error_log, etc. Still can’t find the
access_log.
Using Apache v 2.2.13
Is the access_log a required Apache file, generally speaking, or can
things run without it. Curious.
T.
On Mar 15, 2010, at 9:33 PM, Walter Lee Davis wrote:
Sorry, I had the filename wrong, it’s access_log and error_log, not
with dots. That’s with Apache 2.
Walter
On Mar 15, 2010, at 10:29 PM, Walter Lee Davis wrote:
I’ve never used MAMP, so I’m not sure where it puts this stuff.
What version of Apache are you running?
Walter
On Mar 15, 2010, at 10:12 PM, Todd wrote:
I see 4 error .log files: apache_error.log, mysql_error.log,
php_error.log, mysql_error.err but no access.log.
T.
On Mar 15, 2010, at 8:36 PM, Walter Lee Davis wrote:
Try looking around in your MAMP environment folder for the var/
logs folder, or similar. You want a file called access.log, in
the same folder as a bunch of numbered versions of that file,
along with error.log and its cousins.
Walter
On Mar 15, 2010, at 8:26 PM, Todd wrote:
On the remote server I don’t believe I have access to those
logs but locally I’m running/testing the site under MAMP so
would those logs be present? This is an area I’m not familiar
with so it may be a dumb question.
Todd
On Mar 15, 2010, at 5:05 PM, Walter Lee Davis wrote:
That’s strange. Do you have access to your raw server logs on
that machine? It would be instructive to see what the actual
hits for the font file look like. I’m guessing they are 200
status, but what else is in them? Is the referer being set and
populated to your server’s address? Or maybe that only happens
on cross-domain requests.
Walter
On Mar 15, 2010, at 5:49 PM, Todd wrote:
Yeah, I tried that last night with the usual result: File
blocked but also not rendered.
T.
On Mar 15, 2010, at 4:42 PM, Walter Lee Davis wrote:
If I’m reading this correctly, it will send a 403 to any
request for a file within that directory that does not
originate from your domain. Since your page requests the
font file (the visitor doesn’t request it directly) I
believe this might work. It’s how images work, and I found
out quite a lot about image requests while building
FreeCounter.
Walter
On Mar 15, 2010, at 5:29 PM, Todd wrote:
The goal is to prevent the casual visitor from typing the
path of the file “font.otf” into a browser and downloading
it. I’m not expecting an airtight solution but any extra
blocks (however easily beaten) would be good.
Directory structure:
resources
image.png
fonts
.htaccess
font.otf
Blocking access to the “fonts” directory or that specific
file is easy, the problem is it also prevents the file from
being rendered in the browser. What I’ve been unable to
learn is if it’s possible, using mod_rewrite, to prevent
someone from downloading the file (by typing in the path)
while still keeping the file accessible for inclusion in
the rendered page?
I started going over the Apache docs last night and have
tried several examples but in the end the file ,while not
accessible for downloading, is blocked across the board. Am
I way off the mark in thinking something like this is even
possible?
I’m certain I’m modifying the .htaccess file correctly so I’m not sure
what else to do in the absence of finding an access_log file. If what
I need works with images then I don’t see why it wouldn’t work for a
font file. If you think of anything else let me know.
Thanks,
Todd
On Mar 15, 2010, at 9:43 PM, Walter Lee Davis wrote:
I imagine you could configure Apache to not log access, and then you
wouldn’t need it. Never heard of anyone doing that.
Walter
On Mar 15, 2010, at 10:41 PM, Todd wrote:
My mistake too, I used dots instead of underscores in the file
names. Should be apache_error_log, etc. Still can’t find the
access_log.
Using Apache v 2.2.13
Is the access_log a required Apache file, generally speaking, or
can things run without it. Curious.
T.
On Mar 15, 2010, at 9:33 PM, Walter Lee Davis wrote:
Sorry, I had the filename wrong, it’s access_log and error_log,
not with dots. That’s with Apache 2.
Walter
On Mar 15, 2010, at 10:29 PM, Walter Lee Davis wrote:
I’ve never used MAMP, so I’m not sure where it puts this stuff.
What version of Apache are you running?
Walter
On Mar 15, 2010, at 10:12 PM, Todd wrote:
I see 4 error .log files: apache_error.log, mysql_error.log,
php_error.log, mysql_error.err but no access.log.
T.
On Mar 15, 2010, at 8:36 PM, Walter Lee Davis wrote:
Try looking around in your MAMP environment folder for the var/
logs folder, or similar. You want a file called access.log, in
the same folder as a bunch of numbered versions of that file,
along with error.log and its cousins.
Walter
On Mar 15, 2010, at 8:26 PM, Todd wrote:
On the remote server I don’t believe I have access to those
logs but locally I’m running/testing the site under MAMP so
would those logs be present? This is an area I’m not familiar
with so it may be a dumb question.
Todd
On Mar 15, 2010, at 5:05 PM, Walter Lee Davis wrote:
That’s strange. Do you have access to your raw server logs on
that machine? It would be instructive to see what the actual
hits for the font file look like. I’m guessing they are 200
status, but what else is in them? Is the referer being set
and populated to your server’s address? Or maybe that only
happens on cross-domain requests.
Walter
On Mar 15, 2010, at 5:49 PM, Todd wrote:
Yeah, I tried that last night with the usual result: File
blocked but also not rendered.
T.
On Mar 15, 2010, at 4:42 PM, Walter Lee Davis wrote:
If I’m reading this correctly, it will send a 403 to any
request for a file within that directory that does not
originate from your domain. Since your page requests the
font file (the visitor doesn’t request it directly) I
believe this might work. It’s how images work, and I found
out quite a lot about image requests while building
FreeCounter.
Walter
On Mar 15, 2010, at 5:29 PM, Todd wrote:
The goal is to prevent the casual visitor from typing the
path of the file “font.otf” into a browser and downloading
it. I’m not expecting an airtight solution but any extra
blocks (however easily beaten) would be good.
Directory structure:
resources
image.png
fonts
.htaccess
font.otf
Blocking access to the “fonts” directory or that specific
file is easy, the problem is it also prevents the file
from being rendered in the browser. What I’ve been unable
to learn is if it’s possible, using mod_rewrite, to
prevent someone from downloading the file (by typing in
the path) while still keeping the file accessible for
inclusion in the rendered page?
I started going over the Apache docs last night and have
tried several examples but in the end the file ,while not
accessible for downloading, is blocked across the board.
Am I way off the mark in thinking something like this is
even possible?
The only other thought I have is to look around for anti-leeching
scripts. That’s basically what you’re after here.
Walter
On Mar 15, 2010, at 10:54 PM, Todd wrote:
I’m certain I’m modifying the .htaccess file correctly so I’m not
sure what else to do in the absence of finding an access_log file.
If what I need works with images then I don’t see why it wouldn’t
work for a font file. If you think of anything else let me know.
Thanks,
Todd
On Mar 15, 2010, at 9:43 PM, Walter Lee Davis wrote:
I imagine you could configure Apache to not log access, and then
you wouldn’t need it. Never heard of anyone doing that.
Walter
On Mar 15, 2010, at 10:41 PM, Todd wrote:
My mistake too, I used dots instead of underscores in the file
names. Should be apache_error_log, etc. Still can’t find the
access_log.
Using Apache v 2.2.13
Is the access_log a required Apache file, generally speaking, or
can things run without it. Curious.
T.
On Mar 15, 2010, at 9:33 PM, Walter Lee Davis wrote:
Sorry, I had the filename wrong, it’s access_log and error_log,
not with dots. That’s with Apache 2.
Walter
On Mar 15, 2010, at 10:29 PM, Walter Lee Davis wrote:
I’ve never used MAMP, so I’m not sure where it puts this stuff.
What version of Apache are you running?
Walter
On Mar 15, 2010, at 10:12 PM, Todd wrote:
I see 4 error .log files: apache_error.log, mysql_error.log,
php_error.log, mysql_error.err but no access.log.
T.
On Mar 15, 2010, at 8:36 PM, Walter Lee Davis wrote:
Try looking around in your MAMP environment folder for the var/
logs folder, or similar. You want a file called access.log, in
the same folder as a bunch of numbered versions of that file,
along with error.log and its cousins.
Walter
On Mar 15, 2010, at 8:26 PM, Todd wrote:
On the remote server I don’t believe I have access to those
logs but locally I’m running/testing the site under MAMP so
would those logs be present? This is an area I’m not familiar
with so it may be a dumb question.
Todd
On Mar 15, 2010, at 5:05 PM, Walter Lee Davis wrote:
That’s strange. Do you have access to your raw server logs
on that machine? It would be instructive to see what the
actual hits for the font file look like. I’m guessing they
are 200 status, but what else is in them? Is the referer
being set and populated to your server’s address? Or maybe
that only happens on cross-domain requests.
Walter
On Mar 15, 2010, at 5:49 PM, Todd wrote:
Yeah, I tried that last night with the usual result: File
blocked but also not rendered.
T.
On Mar 15, 2010, at 4:42 PM, Walter Lee Davis wrote:
If I’m reading this correctly, it will send a 403 to any
request for a file within that directory that does not
originate from your domain. Since your page requests the
font file (the visitor doesn’t request it directly) I
believe this might work. It’s how images work, and I found
out quite a lot about image requests while building
FreeCounter.
Walter
On Mar 15, 2010, at 5:29 PM, Todd wrote:
The goal is to prevent the casual visitor from typing the
path of the file “font.otf” into a browser and
downloading it. I’m not expecting an airtight solution
but any extra blocks (however easily beaten) would be good.
Directory structure:
resources
image.png
fonts
.htaccess
font.otf
Blocking access to the “fonts” directory or that specific
file is easy, the problem is it also prevents the file
from being rendered in the browser. What I’ve been unable
to learn is if it’s possible, using mod_rewrite, to
prevent someone from downloading the file (by typing in
the path) while still keeping the file accessible for
inclusion in the rendered page?
I started going over the Apache docs last night and have
tried several examples but in the end the file ,while not
accessible for downloading, is blocked across the board.
Am I way off the mark in thinking something like this is
even possible?
And just to be clear in case it matters: The file being protected is
used in the CSS as an embedded font which is why it needs to be
protected from downloading yet also be accessible for proper CSS/text
rendering.
T.
On Mar 15, 2010, at 9:56 PM, Walter Lee Davis wrote:
The only other thought I have is to look around for anti-leeching
scripts. That’s basically what you’re after here.
Walter
On Mar 15, 2010, at 10:54 PM, Todd wrote:
I’m certain I’m modifying the .htaccess file correctly so I’m not
sure what else to do in the absence of finding an access_log file.
If what I need works with images then I don’t see why it wouldn’t
work for a font file. If you think of anything else let me know.
Thanks,
Todd
On Mar 15, 2010, at 9:43 PM, Walter Lee Davis wrote:
I imagine you could configure Apache to not log access, and then
you wouldn’t need it. Never heard of anyone doing that.
Walter
On Mar 15, 2010, at 10:41 PM, Todd wrote:
My mistake too, I used dots instead of underscores in the file
names. Should be apache_error_log, etc. Still can’t find the
access_log.
Using Apache v 2.2.13
Is the access_log a required Apache file, generally speaking, or
can things run without it. Curious.
T.
On Mar 15, 2010, at 9:33 PM, Walter Lee Davis wrote:
Sorry, I had the filename wrong, it’s access_log and error_log,
not with dots. That’s with Apache 2.
Walter
On Mar 15, 2010, at 10:29 PM, Walter Lee Davis wrote:
I’ve never used MAMP, so I’m not sure where it puts this stuff.
What version of Apache are you running?
Walter
On Mar 15, 2010, at 10:12 PM, Todd wrote:
I see 4 error .log files: apache_error.log, mysql_error.log,
php_error.log, mysql_error.err but no access.log.
T.
On Mar 15, 2010, at 8:36 PM, Walter Lee Davis wrote:
Try looking around in your MAMP environment folder for the
var/logs folder, or similar. You want a file called
access.log, in the same folder as a bunch of numbered
versions of that file, along with error.log and its cousins.
Walter
On Mar 15, 2010, at 8:26 PM, Todd wrote:
On the remote server I don’t believe I have access to those
logs but locally I’m running/testing the site under MAMP so
would those logs be present? This is an area I’m not
familiar with so it may be a dumb question.
Todd
On Mar 15, 2010, at 5:05 PM, Walter Lee Davis wrote:
That’s strange. Do you have access to your raw server logs
on that machine? It would be instructive to see what the
actual hits for the font file look like. I’m guessing they
are 200 status, but what else is in them? Is the referer
being set and populated to your server’s address? Or maybe
that only happens on cross-domain requests.
Walter
On Mar 15, 2010, at 5:49 PM, Todd wrote:
Yeah, I tried that last night with the usual result: File
blocked but also not rendered.
T.
On Mar 15, 2010, at 4:42 PM, Walter Lee Davis wrote:
If I’m reading this correctly, it will send a 403 to any
request for a file within that directory that does not
originate from your domain. Since your page requests the
font file (the visitor doesn’t request it directly) I
believe this might work. It’s how images work, and I
found out quite a lot about image requests while building
FreeCounter.
Walter
On Mar 15, 2010, at 5:29 PM, Todd wrote:
The goal is to prevent the casual visitor from typing
the path of the file “font.otf” into a browser and
downloading it. I’m not expecting an airtight solution
but any extra blocks (however easily beaten) would be
good.
Directory structure:
resources
image.png
fonts
.htaccess
font.otf
Blocking access to the “fonts” directory or that
specific file is easy, the problem is it also prevents
the file from being rendered in the browser. What I’ve
been unable to learn is if it’s possible, using
mod_rewrite, to prevent someone from downloading the
file (by typing in the path) while still keeping the
file accessible for inclusion in the rendered page?
I started going over the Apache docs last night and have
tried several examples but in the end the file ,while
not accessible for downloading, is blocked across the
board. Am I way off the mark in thinking something like
this is even possible?
IS the file referenced from the HTML file or from within the CSS file?
I think that might be critical here, although I’m not sure. Load the
page in Safari with the Developer stuff on and open. Look in the
Resources tab of the Web Inspector and see if there’s any clue there.
Walter
On Mar 15, 2010, at 11:06 PM, Todd wrote:
Thanks, I’ll have a look.
And just to be clear in case it matters: The file being protected is
used in the CSS as an embedded font which is why it needs to be
protected from downloading yet also be accessible for proper CSS/
text rendering.
T.
On Mar 15, 2010, at 9:56 PM, Walter Lee Davis wrote:
The only other thought I have is to look around for anti-leeching
scripts. That’s basically what you’re after here.
Walter
On Mar 15, 2010, at 10:54 PM, Todd wrote:
I’m certain I’m modifying the .htaccess file correctly so I’m not
sure what else to do in the absence of finding an access_log file.
If what I need works with images then I don’t see why it wouldn’t
work for a font file. If you think of anything else let me know.
Thanks,
Todd
On Mar 15, 2010, at 9:43 PM, Walter Lee Davis wrote:
I imagine you could configure Apache to not log access, and then
you wouldn’t need it. Never heard of anyone doing that.
Walter
On Mar 15, 2010, at 10:41 PM, Todd wrote:
My mistake too, I used dots instead of underscores in the file
names. Should be apache_error_log, etc. Still can’t find the
access_log.
Using Apache v 2.2.13
Is the access_log a required Apache file, generally speaking, or
can things run without it. Curious.
T.
On Mar 15, 2010, at 9:33 PM, Walter Lee Davis wrote:
Sorry, I had the filename wrong, it’s access_log and error_log,
not with dots. That’s with Apache 2.
Walter
On Mar 15, 2010, at 10:29 PM, Walter Lee Davis wrote:
I’ve never used MAMP, so I’m not sure where it puts this
stuff. What version of Apache are you running?
Walter
On Mar 15, 2010, at 10:12 PM, Todd wrote:
I see 4 error .log files: apache_error.log, mysql_error.log,
php_error.log, mysql_error.err but no access.log.
T.
On Mar 15, 2010, at 8:36 PM, Walter Lee Davis wrote:
Try looking around in your MAMP environment folder for the
var/logs folder, or similar. You want a file called
access.log, in the same folder as a bunch of numbered
versions of that file, along with error.log and its cousins.
Walter
On Mar 15, 2010, at 8:26 PM, Todd wrote:
On the remote server I don’t believe I have access to those
logs but locally I’m running/testing the site under MAMP so
would those logs be present? This is an area I’m not
familiar with so it may be a dumb question.
Todd
On Mar 15, 2010, at 5:05 PM, Walter Lee Davis wrote:
That’s strange. Do you have access to your raw server logs
on that machine? It would be instructive to see what the
actual hits for the font file look like. I’m guessing they
are 200 status, but what else is in them? Is the referer
being set and populated to your server’s address? Or maybe
that only happens on cross-domain requests.
Walter
On Mar 15, 2010, at 5:49 PM, Todd wrote:
Yeah, I tried that last night with the usual result: File
blocked but also not rendered.
T.
On Mar 15, 2010, at 4:42 PM, Walter Lee Davis wrote:
If I’m reading this correctly, it will send a 403 to any
request for a file within that directory that does not
originate from your domain. Since your page requests the
font file (the visitor doesn’t request it directly) I
believe this might work. It’s how images work, and I
found out quite a lot about image requests while
building FreeCounter.
Walter
On Mar 15, 2010, at 5:29 PM, Todd wrote:
The goal is to prevent the casual visitor from typing
the path of the file “font.otf” into a browser and
downloading it. I’m not expecting an airtight solution
but any extra blocks (however easily beaten) would be
good.
Directory structure:
resources
image.png
fonts
.htaccess
font.otf
Blocking access to the “fonts” directory or that
specific file is easy, the problem is it also prevents
the file from being rendered in the browser. What I’ve
been unable to learn is if it’s possible, using
mod_rewrite, to prevent someone from downloading the
file (by typing in the path) while still keeping the
file accessible for inclusion in the rendered page?
I started going over the Apache docs last night and
have tried several examples but in the end the
file ,while not accessible for downloading, is blocked
across the board. Am I way off the mark in thinking
something like this is even possible?
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
# CustomLog /Applications/MAMP/logs/apache_access_log common
I assume that being hashed out it is not set as a standard config?
That’s how I read it. So the real question is, where are the default
logs going? dev/null?
Walter
On Mar 16, 2010, at 4:40 AM, DeltaDave wrote:
This from the MAMP httpd.conf file
# The location and format of the access logfile (Common Logfile
Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
# CustomLog /Applications/MAMP/logs/apache_access_log common
I assume that being hashed out it is not set as a standard config?