Implement SecRuleUpdateActionByTag

[zaidanrizq]

Summary

Coraza currently does not implement the SecRuleUpdateActionByTag directive. As a result, users cannot bulk‐modify the action lists of existing rules by tag at runtime.

Basic example

# Desired behavior: for every rule tagged "application-multi", append
# logdata:' X-Request-ID=%{REQUEST_HEADERS.X-Request-ID}'
#
# (This does NOT work today, because Coraza ignores SecRuleUpdateActionByTag.)

SecRuleUpdateActionByTag "application-multi" \
    "@append logdata:' X-Request-ID=%{REQUEST_HEADERS.X-Request-ID}'"

Motivation

Adding SecRuleUpdateActionByTag (and potentially SecRuleUpdateActionById) support to Coraza closes a significant feature gap between Coraza and ModSecurity. It would dramatically simplify bulk updates to rule behaviors—such as appending correlation IDs to every log—and reduce the need for manual file edits or external scripting. For organizations adopting Coraza at scale (especially in containerized/WASM environments), this is an essential capability to maintain operational agility and consistency.

[trgalho]

I noticed that SecRuleUpdateActionByTag is not a directive from ModSecurity v2 / v3

I even had a PR draft (#1404) to implement this directive, but since it is not defined by ModSecurity, I won't proceed with the implementation.

Add this comment to warn other devs who may try to work on this issue.