Modsecurity causing 403 errors

jmc 08-22-16
Accepted Solution

Hi,

We run Optimizely on our primary domain: www.domain.com.

A new site is being launched on subdomain.domain.com. Because Optimizely sets cookies on the top level domain, they also run on the new subdomain - which responds with a 403 error in their presence. We do not require Optimizely on the new domain at this stage.

Does anyone have a recommendation on how to handle this? A whitelist rule for ModSecurity seems like the solution.

Thanks,

Jack


David_Orr 08-23-16

Re: Modsecurity causing 403 errors

Jack,

Here is my understanding of the issue:

* Optimizely sets cookies on ".domain.com".
* Visitors that land on sub.domain.com with the cookies that Optimizely set above will result in a 403 error.

The only API we have that allows you to modify the domain we set cookies on is window['optimizely'].push(["setCookieDomain", "www.example.com"]);

This API call will allow you to change the domain we use to set the cookie.

Here is a link for more info: http://developers.optimizely.com/javascript/reference/index.html#set-cookie-domain

I hope this works for you.

David
Senior Technical Support Engineer
Optimizely
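
The cookie scoping behind this fix, as an added example that is not part of the thread or Optimizely's code: a simplified version of the RFC 6265 domain-match rule browsers use to decide which hosts receive a cookie. The cookie name and jars are constructed placeholders, the hostnames are the ones used in the question, and public-suffix handling is left out.

```javascript
// Added example: simplified RFC 6265 section 5.1.3 domain-match.
// Public-suffix checks are out of scope here.
function domainMatch(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  // A leading dot in the Domain attribute is ignored by browsers.
  const domain = cookieDomain.toLowerCase().replace(/^\./, "");
  if (host === domain) return true;
  // IP addresses only ever match exactly, never as a suffix.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  if (isIp) return false;
  // Suffix match must fall on a label boundary.
  return host.endsWith("." + domain);
}

// Names of the cookies a browser would attach to a request for requestHost.
function cookiesSentTo(requestHost, jar) {
  return jar.filter((c) => domainMatch(requestHost, c.domain)).map((c) => c.name);
}

// Constructed cookie jars; the cookie name is a placeholder.
const jarDefault = [{ name: "example_optimizely_cookie", domain: ".domain.com" }];
const jarScoped = [{ name: "example_optimizely_cookie", domain: "www.domain.com" }];

for (const host of ["www.domain.com", "subdomain.domain.com"]) {
  console.log(host, "default:", cookiesSentTo(host, jarDefault),
    "scoped:", cookiesSentTo(host, jarScoped));
}
```

With the cookie domain narrowed to www.domain.com, requests to subdomain.domain.com no longer carry the cookie, so the ModSecurity rules on that host never see it.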

jmc 08-24-16

Re: Modsecurity causing 403 errors

Thanks David, that's exactly what I was looking for.