I'm currently returning a 403 Forbidden when a rule is hit by a matching request. 

I'd like to instead show an actual page saying "Forbidden - contact us if there's a problem" etc.

But what if someone was legitimately browsing our site and the only thing blocked by modsec was a single image, will my returning a custom html page for an image request screw up the visitors otherwise normal browsing session?

Am I better off creating a custom 403 error page in my Apache conf file or to have a redirect action as the SecFilterDefaultAction in Mod Security?

I'm using version Mod Security and 2.6.8 and CRS 2.2.5 as they were the only versions I could find on a yum repo, are there repo's with more recent compiled versions?

Geoff