Yes, it can be done, as we do this as part of our demo here -
http://www.modsecurity.org/demo/phpids?test=YourPayloadHere%27+or+%272%27+%21%3D+%275%27%3B--

Take a look at these rules for some similar functionality -
https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/master/optional_rules/modsecurity_crs_49_header_tagging.conf

Basically you need to use setenv and then in the HTML page use SSI to populate the data from setenv. 

--
Ryan Barnett


On May 25, 2013, at 12:00 PM, "Justin Searle" <justin@meeas.com> wrote:

Hi guys.  I'm working on a new security course, and I was wondering if
there is a simple way to have ModSec add which rule was triggered (and
maybe the rule's regex) in the 403 response.  Is that possible by
throwing in some variable in the SecDefaultAction directive, or by
some other means?

Justin Searle
Managing Partner - UtiliSec
+1 801-784-2052
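
One way to wire up the setenv-plus-SSI approach described in the reply, as an added example that is not part of the original thread and not the demo's actual configuration. It assumes Apache with mod_include and ModSecurity 2.x; the rule id, variable names and paths are constructed.

```apache
# Constructed example: the rule id, variable names and paths are assumptions.
# Requires mod_security2 and mod_include to be loaded.

SecRuleEngine On

# Demo rule (constructed). Non-disruptive actions such as setenv run when
# the rule matches, so the rule's own metadata is exported to Apache
# environment variables before the 403 is issued.
SecRule ARGS "@rx (?i)'\s*or\s*'" \
    "id:1000001,phase:2,t:none,log,deny,status:403,\
    msg:'Demo: quoted OR expression in parameter',\
    setenv:waf_rule_id=%{rule.id},\
    setenv:waf_rule_msg=%{rule.msg},\
    setenv:waf_matched_var=%{matched_var_name}"

# Serve the 403 body from an SSI-enabled page.
Alias /waf-errors/ "/var/www/waf-errors/"
<Directory "/var/www/waf-errors">
    Options +Includes
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</Directory>
ErrorDocument 403 /waf-errors/403.shtml

# ErrorDocument is handled as an internal redirect, so Apache exposes the
# original request's variables to the page with a REDIRECT_ prefix.
# /var/www/waf-errors/403.shtml (constructed):
#
#   <html><body>
#   <h1>403 Forbidden</h1>
#   <p>Rule ID: <!--#echo encoding="entity" var="REDIRECT_waf_rule_id" --></p>
#   <p>Message: <!--#echo encoding="entity" var="REDIRECT_waf_rule_msg" --></p>
#   <p>Matched: <!--#echo encoding="entity" var="REDIRECT_waf_matched_var" --></p>
#   </body></html>
#
# encoding="entity" HTML-escapes the values, which matters as soon as
# request-derived data (for example %{matched_var}) is reflected into the page.
```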
