mod_suphp, mod_security and general ispconfig integration
I'm really new to ispconfig and so far am really pleased. In the past I have had a lot of trouble with clients implementing php code with poor input validation. This inevitably ends in fishing emails originating from my machine and worse. I have decided that on the new ispconfig server to somehow isolate user enviornments to better identify the bad code writers.
What I would like to implement is mod_security and mod_suphp. I have been hesitant to add any apache directives directly to the config files and have defaulted to adding them via the ispconfig interface.
Is there a general rule for where in a config file (that ispconfig writes to) it is ok to put additional options? Also, has anyone had any experience with implementing either of these modules with ispconfig?