Add tag for all SecRules with SecDefaultAction

[glenn-kusardi]

I'm trying to add a tag in all SecRules. In @crs-setup.conf this is already outlined in an example for SecDefaultAction:
SecDefaultAction "phase:1,log,auditlog,redirect:'http://%{request_headers.host}/',tag:'Host: %{request_headers.host}'"
SecDefaultAction "phase:2,log,auditlog,redirect:'http://%{request_headers.host}/',tag:'Host: %{request_headers.host}'"

But if I uncomment this lines an error message is returned when restarting Caddy, describing that "SecDefaultAction must not contain metadata actions".

[M4tteoP]

Hi, this is tricky because of inconsistent documentation.

SecDefaultAction "phase:1,log,auditlog,redirect:'http://%{request_headers.host}/',tag:'Host: %{request_headers.host}'"
SecDefaultAction "phase:2,log,auditlog,redirect:'http://%{request_headers.host}/',tag:'Host: %{request_headers.host}'"

These lines are 8 years old from the crs-setup.conf.example, but accordingly to documentation, both Coraza and Modsecurity are actually not supporting it.

Mentioning both ModSec v2 and v3 docs:

Every SecDefaultAction directive must specify a disruptive action and a processing phase and cannot contain metadata actions.

With metadata actions including tag:

metadata actions (id, rev, msg, tag, severity, logdata)

I'm sharing this conversation in Slack #coreruleset: https://owasp.slack.com/archives/CBKGH8A5P/p1729806584858919, where we can evolve it with Coraza, CRS and Modsec people.