It's also incredibly risky for advertising and marketing campaigns.

I had one client that started getting their product catalog scraped aggressively, and the invoice for their licensed font usage that month was an order of magnitude higher than they expected (low six figures, vs.

They slapped the site behind an aggressively configured enterprise WAF in response to that bill specifically. It made for an abrasive visitor experience, fundamentally broke server logging data (due to header mangling), and constantly broke third party integrations.

It was such a pain to service the client that I ended up convincing their network security team to let me pilot Cloudflare in front of the WAF (that they insisted remain). Ended up using a Worker function to tidy up after the janky WAF header mangling, got them to remove the explicit challenge page, and just swapped out the licensed font for a generic/free one for suspicious activity.

All because of that stupid pageview based font licensing model and its susceptibility to abuse.

In the case of the font foundry my client was licensing from,

‣ You were not allowed to self-host the font files, and had to load them directly from the hosting URL provided by the font foundry.
‣ There was no explicit reporting involved.
‣ The foundry used cache control headers on the response, so that every page load required contacting their origin server and could be logged for billing purposes. Every time the font resource was downloaded from their server, the foundry counted that as a licensed pageview.