It shows my home IPV6 address and user being blocked:
User session protection :IP and User-agent have changed during an active session
Maybe it starts comms on IPv4 and flips to IPv6? And that counts as a changed session?
Yes, that could be the reason. Please, go to Waf configuration -> user session protection and confirm that the "Elements to check in session hijack" drop-down is set to "IP AND User-agent". If not set to that value to avoid being banned even if your IP changes during an active session (supposing you're using the same browser).