Commit 51a7370

Merge pull request #260 from S0obi/feature/add-note-on-chained-rule-fine-tunning
feat: add a note about fine tuning chained rules
2 parents 5e99dd9 + dc506be commit 51a7370

1 file changed

+4
-0
lines changed

content/2-how-crs-works/2-3-false-positives-and-tuning.md

Lines changed: 4 additions & 0 deletions
@@ -122,6 +122,10 @@ The different rule exclusion types and methods are summarized in the table below
122122
This table is available as a well presented, downloadable [Rule Exclusion Cheatsheet](https://www.netnea.com/cms/rule-exclusion-cheatsheet-download) from Christian Folini.
123123
{{% /notice %}}
124124

125+
{{% notice note %}}
126+
When using `SecRuleUpdateTargetById` and `ctl:ruleRemoveTargetById` with *chained rules*, target exclusions are only applied to the first rule in the chain. You can't exclude targets from other rules in the chain, depending on how the rule is written, you may have to remove the entire rule using `SecRuleRemoveById` or `ctl:ruleRemoveById`. This is a current limitation of the SecLang configuration language.
127+
{{% /notice %}}
128+
125129
{{% notice note %}}
126130
There's also a third group of rule exclusion directives and actions, the use of which is discouraged. As well as excluding rules "ById" and "ByTag", it's also possible to exclude "ByMsg" (`SecRuleRemoveByMsg`, `SecRuleUpdateTargetByMsg`, `ctl:ruleRemoveByMsg`, and `ctl:ruleRemoveTargetByMsg`). This excludes rules based on the message they write to the error log. These messages can be dynamic and may contain special characters. As such, trying to exclude rules by message is difficult and error-prone.
127131
{{% /notice %}}
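
Review bot: The second sentence of the added notice ("You can't exclude targets from other rules in the chain, depending on how the rule is written, you may have to remove the entire rule ...") is a comma splice that runs the limitation and the workaround together. Split it after "in the chain" and start a new sentence with "Depending on how the rule is written, you may have to ...". It would also help to state the cost of the workaround: removing the whole rule with `SecRuleRemoveById` or `ctl:ruleRemoveById` disables every check in the chain, which is a much broader exclusion than the single-target exclusion the reader was trying to make, so the note should say so explicitly.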
