Rich-text Reply

Modsecurity causing 403 errors

jmc 08-22-16
Accepted Solution

Modsecurity causing 403 errors



We run Optimizely on our primary domain:


A new site is being launched on Because Optimizely sets cookies on the top level domain, they also run on the new subdomain - which responds with a 403 error in their presence. We do not require Optimizely on the new domain at this stage.


Does anyone have a recommendation on how to handle this? A whitelist rule for ModSecurity seems like the solution.




Level 1

David_Orr 08-23-16

Re: Modsecurity causing 403 errors


Here is my understanding of the issue:

* Optimizely sets cookies on "".
* Visitors that land on with the cookies that Optimizely set above will result in a 403 error.

The only API we have that allows you to modify the domain we set cookies on is window['optimizely'].push(["setCookieDomain", ""]);

This API call will allow you change the domain we use to set the cookie.

Here is a link for more info:

I hope this works for you.

Senior Technical Support Engineer
jmc 08-24-16

Re: Modsecurity causing 403 errors

Thanks David, that's exactly what I was looking for.
Level 1