Document the 'tag' action. See #276.

doc/modsecurity2-apache-reference.xml

@@ -3,7 +3,7 @@
   <title>ModSecurity Reference Manual</title>
 
   <articleinfo>
-    <releaseinfo>Version 2.5.0-dev3 / (September 21, 2007)</releaseinfo>
+    <releaseinfo>Version 2.5.0-dev3 / (September 28, 2007)</releaseinfo>
 
     <copyright>
       <year>2004-2007</year>
@@ -4458,6 +4458,27 @@ SecRule REQUEST_COOKIES:SESSIONID "47414e81cbbef3cf8366e84eeacba091" \
       rule.</para>
     </section>
 
+    <section>
+      <title><literal>tag</literal></title>
+
+      <para><emphasis role="bold">Description:</emphasis> Assigns custom text
+      to a rule or chain.</para>
+
+      <para><emphasis role="bold">Action Group:</emphasis> Metadata</para>
+
+      <para>Example:</para>
+
+      <programlisting format="linespecific">SecRule REQUEST_FILENAME "\b(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp)\.exe\b" \
+    "deny,msg:'System Command Access',id:'950002',<emphasis role="bold">tag:'WEB_ATTACK/FILE_INJECTION',tag:'OWASP/A2'</emphasis>,severity:'2'"</programlisting>
+
+      <para><emphasis role="bold">Note</emphasis></para>
+
+      <para>The tag information appears in the error and/or audit log files.
+      Its intent is to be used to automate classification of rules and the
+      alerts generated by rules. Multiple tags can be used per
+      rule/chain.</para>
+    </section>
+
     <section>
       <title><literal>xmlns</literal></title>