What is the best .htaccess code for preventing users from downloading web fonts

Posted on 2011-10-21
Medium Priority
Last Modified: 2012-05-12
Over on StackOverFlow   there is a thread on preventing users from downloading webfonts or hot linking web fonts.  Some guy somewhere else said to use a .htaccess file with

Order allow,deny
Deny from all

which is of course duh... wrong because it will not deliver the font at all. Here is another so-called solution.

SetEnvIfNoCase Referer "^https?://([^/]*)?example\.com/" local_ref=1
SetEnvIf Referer ^$ local_ref=1

<FilesMatch "\.(eot|svg|ttf|woff)$">
  Order Allow,Deny
  Allow from env=local_ref

But this does not work for me either...if I use the above... the fonts are not sent by apache.
Question by:Sivakatirswami
  • 2
  • 2
LVL 53

Accepted Solution

COBOLdinosaur earned 2000 total points
ID: 37009907
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteRule \.(otf|ttf|oet)$ - [NC,F,L]

Open in new window

In that final line add any other file extenions that you need to protect.  That will allow only requests from pages on your domain.  If you need to allow access for another domain. then repeat line 3 with the name of the domain you want to grant access to.  You can add as many domains as you need to.

Author Comment

ID: 37010080
Yay! it works. Thanks Cobol

Fonts delivered here:


but you can't get in here:



Author Closing Comment

ID: 37010084
[shameless EE advocacy} Lots of other places on the web for getting solutions, but, frankly, not always the what could be considered best practices, or accurate. EE's experts always deliver.
LVL 53

Expert Comment

ID: 37010094
Yah, that works for just about anything.  Mostly it is used to keep leeches from hot linking to images instead of hosting them on there own server.

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Why do we like using grid based layouts in website design? Let's look at the live examples of websites and compare them to grid based WordPress themes.
In this tutorial viewers will learn how to position items using CSS's three positioning types Create a new HTML document with an internal stylesheet.: Create another div in CSS and name it Absolute : Type "position:absolute;" and "top:10px; left:50p…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
Suggested Courses
Course of the Month7 days, 21 hours left to enroll

616 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question