![monotype helvetica now monotype helvetica now](https://www.dexigner.com/images/article/61938/Helvetica_Now_Variable_03.jpg)
But the way it operated had a lot of nasty side effects that caused a never-ending stream of technical problems, in addition to just being a terrible user experience. The intent being that automated traffic wouldn't get past the WAF and would never load the actual destination page, and by extension the precious font files. And the way the interstitial page loaded the final content for traffic that "passed the test" obliterated referral information and made it impossible to make heads or tails of your traffic data. And that "other one" could easily be on a background resource load rather than the primary page itself, which would just hang. So every user got hit with an interstitial Javascript challenge page on first pageload, and if they stuck around for just a bit they'd get hit with another one out of nowhere. The WAF did a bunch of stuff, but the primary headache was that they enabled challenge pages for every single visitor as a knee-jerk reaction, with a ridiculously low validity timeframe. If your pageview count was above your contractual rate, you pay your base rate + whatever your overage cost was. If your resource download/pageview count was within your contractual limit, you're invoiced your base rate. ‣ The foundry sent an invoice, telling you what your usage was. ‣ The foundry used cache control headers on the response, so that every page load required contacting their origin server and could be logged for billing purposes. Every time the font resource was downloaded from their server, the foundry counted that as a licensed pageview. ‣ There was no explicit reporting involved. ‣ You were not allowed to self-host the font files, and had to load them directly from the hosting URL provided by the font foundry In the case of the font foundry my client was licensing from,
![monotype helvetica now monotype helvetica now](https://uploads.ifdesign.de/entry_ex_media/award_346/307924_42919_large_entry_medium.jpg)
Ended up using a Worker function to tidy up after the janky WAF header mangling, got them to remove the explicit challenge page, and just swapped out the licensed font for a generic/free one for suspicious activity.Īll because of that stupid pageview based font licensing model and its susceptibility to abuse.
![monotype helvetica now monotype helvetica now](https://www.axismag.jp/axismag-admin/wp-content/uploads/2019/04/mt_images-article_helveticanow-displaytextmicro_1540x1032-720x483.jpg)
It was such a pain to service the client that I ended up convincing their network security team to let me pilot Cloudflare in front of the WAF (that they insisted remain). It made for an abrasive visitor experience, fundamentally broke server logging data (due to header mangling), and constantly broke third party integrations. They slapped the site behind an aggressively configured enterprise WAF in response to that bill specifically. I had one client that started getting their product catalog scraped aggressively, and the invoice for their licensed font usage that month was an order of magnitude higher than they expected (low six figures, vs. It's also incredibly risky for advertising and marketing campaigns.