Hi,

I am trying to find a way to mitigate CSRF attacks, so I activated the prerequisite modsecurity_crs_16_session_hijacking ruleset first.

Activating the ruleset leads to many false positives (see details below) which I just don't understand:
****
[Sun Jun 22 20:50:21 2014] [error] [client REMOTE_ADDR] ModSecurity: Warning. Match of "streq %{SESSION.IP_HASH}" against "TX:ip_hash" required. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "35"] [id "981059"] [msg "Warning - Sticky SessionID Data Changed - IP Address Mismatch."] [hostname "FQDN"] [uri "/presentation/screen.css"] [unique_id "U6clbQoAkBUAACDpqawAAAAC"]

[Sun Jun 22 20:50:21 2014] [error] [client REMOTE_ADDR] ModSecurity: Warning. Match of "streq %{SESSION.UA_HASH}" against "TX:ua_hash" required. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "36"] [id "981060"] [msg "Warning - Sticky SessionID Data Changed - User-Agent Mismatch."] [hostname "FQDN"] [uri "/presentation/screen.css"] [unique_id "U6clbQoAkBUAACDpqawAAAAC"]

[Sun Jun 22 20:50:21 2014] [error] [client REMOTE_ADDR] ModSecurity: Warning. Operator EQ matched 2 at TX:sticky_session_anomaly. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "37"] [id "981061"] [msg "Possible Session Hijacking - IP Address and User-Agent Mismatch."] [hostname "FQDN"] [uri "/presentation/screen.css"] [unique_id "U6clbQoAkBUAACDpqawAAAAC"]
***

I am testing the site from home with a fixed IP address, so why do I end up with an "IP Address Mismatch"?
Any help would be much appreciated.

Regards,
John