On Tue, Dec 28, 2010 at 10:26 AM, Itamar Landsman <modsec@...> wrote:
> Did anyone get around to getting the complete set of rules working without
> seeing this error?
As Itamar pointed out offline, the
modsecurity_crs_43_csrf_protection.conf may create this error message
when the session collection is not created properly (via the setsid
direcive in the BEGIN_SESSION_STARTUP section). As the comment says in
the 43 conf file, the CSRF protection rules should probably not be
used on all resources.