I am using premium fonts on a website and linked them using
#font-face {src: url(../fonts/fontName.ttf);}
The fonts folder is currently accessible by anyone by going to www.website.tld/fonts.
How can I be able to hide fonts directory from public access but still be able to use the fonts in our website.
Thanks.
If you want to prevent font files showing up in your directory listing, use this in your .htaccess
IndexIgnore *.ttf *.woff *.woff2 *.eot, *.otf *.cff *.afm *.lwfn
IndexIgnore *.ffil *.fon *.pfm *.pfb *.svg *.std *.pro *.xsf
Obviously, you should only add the ones you use.
If you want to disable the directory listing of your entire /fonts folder use this instead (same file):
<Directory /path/to/fonts>
Options -Indexes
</Directory>
This, however, will only disable the listing of those files, not downloading. And disabling listing for resources that have publicly available download links (referenced in CSS in the case of font files) is absolutely pointless.
If you want to prevent clients (people, bots) from "illegally" downloading font files from your server... well, you can't.
You need to allow browsers (clients) to download the font file(s) so they render your website according to your designer's specs. Once used, a copy of any resource exists in the browser and you cannot stop savvy clients from accessing them, because you do not and cannot control their browser.
Your question has, probably, already been answered, in the agreement you signed with the author/vendor of the font. Using the font online is, most likely, clearly defined in that agreement.
If it's not, it is still the vendor/author that needs to provide you with the correct answer. Both technically and legally. And I believe the latter is what actually interests you.
By the way, this is the main reason the use for web is charged extra by most foundries: when they allow it, they allow a free download link (illegal if used for anything other than viewing the content it was provided for). All they can do about it is embed a notice telling the use of their font files without their knowledge and acceptance is illegal.
Related
I know that you need to enable parent paths in order to include files in a parent directory, however I have no way of enabling this property on godaddy's plesk hosting. Is there any way around this or do I just need to upload the include files into each and every directory on my site.
The idea of the include files was that I would have less that needed maintaining, and if I need to upload them into every folder then I certainly don't have less to maintain.
Thank you for the help.
You can include files that are "higher up" in the folder hierarchy, you just can't use the file="../../" syntax. Instead, use "virtual" instead of "file" and specify the full path relative to the site's root:
<!-- #include virtual="/path/to/includes/filename.inc" -->
This has the added advantage of always being the same path, regardless of where you're including it, so you can copy & paste to your heart's content.
Of course, this will require editing every page that has includes in it, but since you were going to do that anyway, I gather this is not an issue.
Here is the way to allow parent path in plesk shared hosting, for example: godaddy
Go to Virtual Directories
Find Directory Properties under Tools section, click on it
Tick Allow to use parent paths checkbox under Application settings section
Hope this helps.
Our sitecore developer quit suddenly and I need to make a small change. I'm a front end developer and have no real experience with the sitecore backend. I just need to add some CSS styles to the main style.css file or I need to add my own file. I've got full access to the CMS, but no access to the hosting account. I'm trying to find the main CSS file through the CMS browser, but I'm not having any luck.
Can you help me either:
A) Locate the main CSS file so I can add some classes (preferred)
B) Add my own link in the tag to my own CSS file hosted on another domain
C) Use the home page link to CSS file where I can add some classes
A note about OPTION C... I'm in the CMS and I see there is a system folder and in that a CSS folder where I can add a custom.css file. Then I go to the home page and I can actually call that CSS file from a field in the home page BUT, when the site loads, even though it's calling this file, it comes over as .aspx and it's blank so no styles I set are applied.
you can find the location of file as suggested by Maciej or use firebug or any other developer tools to find the location of main style.css. Once you get the location you can browser the physical file on server by going to Sitecore start menu -> All Application ->File explorer . Download file using File explorer make your changes and upload it back, make sure you check override existing file when you upload. Also make sure you upload file to delivery server once you test your changes, typically you will be accessing Sitecore using Authoring Server so instance you are accessing might not be same as CD server.
You could right-click in your browser to figure out where your css is coming from relative to the server root. Although not completely fool-proof, this method may give you a quick answer.
According to documentation for sitecore 6.2, style sheet location is determined by the developer so it could be anywhere that the developer has chosen.
Take a look at this answer for more details.
You should also be wary of how code gets built and deployed. Most Sitecore developers have very specific methodologies for how they include code (including front end) in their solutions.
Make sure you're aware of any deployment methodologies your developer used, so that your work doesn't get overwritten in a future deployment.
Did they use a source control management solution (like Git or TFS)? Did they use an automated tool to do deployments (like Octopus Deploy)?
If you can find main CSS file in physical location, you can update the file with new CSS styles.
If you want to add your own CSS as an additional CSS style, you might need to create a new template for css link and use that template when you create new page with your own CSS.
Just for future reference, by default the location of the used css files is described in Sitecore.config like this:
<!-- WEB SITE STYLESHEET
CSS file for HTML content of Sitecore database.
The file pointed to by WebStylesheet setting is automatically included in Html and Rich Text fields.
By using it, you can make the content of HTML fields look the same as the actual Web Site
-->
<setting name="WebStylesheet" value="/default.css"/>
Paths are relative to the root of your sitecore installation, you can find default.css in the root of the sitecore application on the webserver.
In Chrome Browser, Inspect element and select source tab
and open required css file and make changes.
If I'm hosting a website, say at http://www.example.com, how can I find files that are in the same folder as index.html if I DON'T know the filenames?
So for example, if there are these files in there:
http://www.example.com/test.txt
http://www.example.com/test1.txt
Can anyone see this list of files? If so, how can I hide them, but make each one accessible to someone who knows the names? I don't want to use a password system, if possible.
If you put index.html in that directory, so no files will be listed. If you allow to upload to that directory, so i can upload some php script to list all files in directory. IF you don't know file name, you can try to guess it :)
You can use bruteforce tools such as dirbuster, or you can look at the "/robots.txt" file for some clues on what's on the website.
By the way, you should keep in mind that most of web servers nowadays have rights management implemented, so even if there is such file on the server it may not allow you access to it without authentication.
Some hosting providers provide an option to specify whether directory listings are allowed. If enabled, and a client requests a URL for a folder that does not contain a default HTML file (index.html, default.html, default.aspx, etc), then the web server will serve up an HTML file containing a listing of the files in that folder. It is rare that this option is ever enabled, though.
but you should be accurate while inserting names of files in URL or else you can use pen-test tool which will list out some of the names for free.for attempts ot full listing of files you'll need to be a paid member i guess
Someone told me that another person was hotlinking my CSS file. I was able to find with them using my CSS file. I'm not fine with them hotlinking my CSS file.
Is there anyway to only allow one single URL to use my css file?
I asked the person to stop and told them "you can take it and host it elsewhere", but it seems that they won't listen. I decided to change their background to something borderline nsfw, but that still didn't stop them from doing it again. I could start putting goatse and such, but that is going to be wasting my time.
You can use your .htaccess file to restrict the domain.
Reference 1
Reference 2 http://www.globinch.com/2011/04/13/prevent-hotlinking-of-image-script-css-etc-using-htaccess/
You could wrap the css in php code and check the referrer.
You can block access folders or files using server settings - http://support.microsoft.com/kb/324066 - but if you are in a hosted environment you may not be able to change these settings - you may have to make a request to your host.
If your site is (or supports) PHP, you could put your CSS into a PHP file and include that in the files that need it. Then it would be safe from hot inclusion.
Using FileZilla, I can access folders that are outside my web directory. How can I do the same with Dreamweaver so that I can edit the files and automatically save/upload all through Dreamweaver? I currently can only access the web directory.
I know how to include them with PHP, but I would like Dreamweaver to find/access them.
Thank you!
You would have to set the Site Definition (both local and remote) paths to look one level higher than you currently have it. So if the local path is
My Documents/Web Sites/This Site
you would change it to
My Documents/Web Sites/
and if the remote is:
/user/home/domain.com/
change to
/user/home/
The problem you are going to run into is that Dreamweaver doesn't work well when set like this. It assumes the Remote path is the public web root and will create all sorts of files and folders there automatically and DW expects those to be in the public root. Also, things like setting paths to includes and images automatically will start to not work as all paths will start outside of the public web root.
Best to leave it as it is and use an external FTP program to handle the files outside of the web site.
We've bumped up against this situation previously where the desire was to have the PHP include files be moved outside the public HTML directory. JCL1178's answer is absolutely conceptually correct.
The actual implementation was to duplicate the site (under "Manage Sites") and essentially create a separate site for the "includes" directory that would go one level up. So the "Root Directory" setting was normal (in our case "public_html/" in the main site and we removed "public_html/" from the Root Directory setting in the "includes" site, effectively causing the path to go one level up.
Definitely not an ideal situation/workflow, to say the least, as you'll end up with two site definitions for one site (which can cause other issues); but Dreamweaver is what it is. We were working on a project offsite that did not allow for anything other than Dreamweaver to be used, so this is what we came up with to comply.
As an added note: we were only able to implement this solution because the webhosting plan allowed us to get to the root. If you're on a webhosting plan that is strictly limited to the public directory, the whole thing will be DOA.