Ryfujk

Exponential growth/decay formula: what happened to the other constant of integration?

chrony vs. systemd-timesyncd – What are the differences and use cases as NTP clients?

Use comma instead of & in table

I can't die. Who am I?

"Murder!" The knight said

Sometimes a banana is just a banana

Is divide-by-zero a security vulnerability?

You'll find me clean when something is full

Can I become debt free or should I file for bankruptcy? How do I manage my debt and finances?

Contradiction with Banach Fixed Point Theorem

Did 5.25" floppies undergo a change in magnetic coating?

Is my plan for fixing my water heater leak bad?

Can you use a beast's innate abilities while polymorphed?

Logistics of a hovering watercraft in a fantasy setting

The change directory (cd) command is not working with a USB drive

Multiplication via squaring and addition

Are small insurances worth it

When was drinking water recognized as crucial in marathon running?

If a druid in Wild Shape swallows a creature whole, then turns back to her normal form, what happens?

Second-rate spelling

Is there any relevance to Thor getting his hair cut other than comedic value?

Understanding Kramnik's play in game 1 of Candidates 2018

How to deny access to SQL Server to certain login over SSMS, but allow over .Net SqlClient Data Provider

As a new poet, where can I find help from a professional to judge my work?

Whitelisting google fonts apis on my firewall

NAT as a firewallProvide IPv6 to network from OpenBSD firewallGooglepages URLs to my old site are no longer redirected to Google SitesHow do I configure Windows Firewall to permit MSRPC?nginx probably deliering wrong filetype for .css file with php tagsWebservice randomly dropping connections - possibly due to firewall nonevent data?How to make an existing caching Nginx proxy use another proxy to bypass a firewall?Google Cloud App Engine hosted page title extractor returns 403 Forbidden in casesCan 'vagrant share' be used from behind firewall, that blocks pretty much everything?ICMPv6 restrictive firewall: losing connectivity over time

0

I've got a machine behind a firewall (fortigate) that is only supposed to access a certain url, so, we whitelisted that url on the firewall and also the google dns servers: Every other traffic is forbidden.
The problem is that said page has some css styles that call the google api for fonts:
fonts.gstatic.com and fonts.googleapis.com (as far as I can tell)

For the life of me, I always get timed out on the fonts when accessing the web page, even though I added the FQDN as permitted traffic.

Am I missing any other url or anything you could come up with? I'm out of ideas.

firewall google css

share|improve this question

asked 6 hours ago

RedNanoRedNano

61

add a comment | 

0

I've got a machine behind a firewall (fortigate) that is only supposed to access a certain url, so, we whitelisted that url on the firewall and also the google dns servers: Every other traffic is forbidden.
The problem is that said page has some css styles that call the google api for fonts:
fonts.gstatic.com and fonts.googleapis.com (as far as I can tell)

For the life of me, I always get timed out on the fonts when accessing the web page, even though I added the FQDN as permitted traffic.

Am I missing any other url or anything you could come up with? I'm out of ideas.

firewall google css

share|improve this question

asked 6 hours ago

RedNanoRedNano

61

add a comment | 

I've got a machine behind a firewall (fortigate) that is only supposed to access a certain url, so, we whitelisted that url on the firewall and also the google dns servers: Every other traffic is forbidden.
The problem is that said page has some css styles that call the google api for fonts:
fonts.gstatic.com and fonts.googleapis.com (as far as I can tell)

For the life of me, I always get timed out on the fonts when accessing the web page, even though I added the FQDN as permitted traffic.

Am I missing any other url or anything you could come up with? I'm out of ideas.

firewall google css

share|improve this question

asked 6 hours ago

RedNanoRedNano

61

share|improve this question

asked 6 hours ago

RedNanoRedNano

61

share|improve this question

asked 6 hours ago

RedNanoRedNano

61

asked 6 hours ago

RedNanoRedNano

61

asked 6 hours ago

RedNanoRedNano

61

1 Answer
1

active

oldest

votes

0

Yes, I believe you're missing two another:

• www.googleapis.com (auth for the API);


• themes.googleusercontent.com (URL of each font).

Also, if the app uses the Webfont Loader, is also good to give access to the host:

• ajax.googleapis.com.

Got it here:

• https://developers.google.com/fonts/docs/developer_api


• https://github.com/typekit/webfontloader

Best luck!

share|improve this answer

answered 5 hours ago

Adriano LaranjeiraAdriano Laranjeira

1

New contributor

Adriano Laranjeira is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f956705%2fwhitelisting-google-fonts-apis-on-my-firewall%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

Yes, I believe you're missing two another:

• www.googleapis.com (auth for the API);


• themes.googleusercontent.com (URL of each font).

Also, if the app uses the Webfont Loader, is also good to give access to the host:

• ajax.googleapis.com.

Got it here:

• https://developers.google.com/fonts/docs/developer_api


• https://github.com/typekit/webfontloader

Best luck!

share|improve this answer

answered 5 hours ago

Adriano LaranjeiraAdriano Laranjeira

1

New contributor

Adriano Laranjeira is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

0

Yes, I believe you're missing two another:

• www.googleapis.com (auth for the API);


• themes.googleusercontent.com (URL of each font).

Also, if the app uses the Webfont Loader, is also good to give access to the host:

• ajax.googleapis.com.

Got it here:

• https://developers.google.com/fonts/docs/developer_api


• https://github.com/typekit/webfontloader

Best luck!

share|improve this answer

answered 5 hours ago

Adriano LaranjeiraAdriano Laranjeira

1

New contributor

Adriano Laranjeira is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

Yes, I believe you're missing two another:

• www.googleapis.com (auth for the API);


• themes.googleusercontent.com (URL of each font).

Also, if the app uses the Webfont Loader, is also good to give access to the host:

• ajax.googleapis.com.

Got it here:

• https://developers.google.com/fonts/docs/developer_api


• https://github.com/typekit/webfontloader

Best luck!

share|improve this answer

answered 5 hours ago

Adriano LaranjeiraAdriano Laranjeira

1

New contributor

Adriano Laranjeira is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this answer

answered 5 hours ago

Adriano LaranjeiraAdriano Laranjeira

1

New contributor

Adriano Laranjeira is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered 5 hours ago

Adriano LaranjeiraAdriano Laranjeira

1

New contributor

Adriano Laranjeira is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered 5 hours ago

Adriano LaranjeiraAdriano Laranjeira

1