ModSecurity causing 403 errors
We run Optimizely on our primary domain: www.domain.com.
A new site is being launched on subdomain.domain.com. Because Optimizely sets cookies on the top level domain, they also run on the new subdomain - which responds with a 403 error in their presence. We do not require Optimizely on the new domain at this stage.
Does anyone have a recommendation on how to handle this? A whitelist rule for ModSecurity seems like the solution.
Here is my understanding of the issue:
* Optimizely sets cookies on ".domain.com".
* Visitors that land on sub.domain.com with the cookies that Optimizely set above will result in a 403 error.
The only API we have that allows you to modify the domain we set cookies on is window['optimizely'].push(["setCookieDomain", "www.example.com"]);
This API call will allow you to change the domain we use to set the cookie.
I hope this works for you.
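The whitelist rule the question asks about could look like the following. This is an added example, not part of the original thread and not Optimizely's or ModSecurity's own configuration. The rule id 900000 is a placeholder and the "optimizely" cookie-name prefix is an assumption; take both from the ModSecurity audit log entry for the 403.

```apache
# Constructed example for the virtual host serving subdomain.domain.com.
# Place it AFTER the Include that loads the rule set: an update or removal
# directive only affects rules that have already been defined.

# 900000 is a placeholder. Replace it with the id reported in the audit
# log for the request that was answered with 403.

# Broad (avoid): switches the rule off for every request and variable.
# SecRuleRemoveById 900000

# Narrow: the rule stays active for arguments, headers and all other
# cookies; it only stops inspecting cookies whose names begin with
# "optimizely" (assumed prefix, confirm the names in the audit log).
SecRuleUpdateTargetById 900000 "!REQUEST_COOKIES:/^optimizely/"
```

If several rules match, repeat the directive once per rule id rather than widening the cookie pattern.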