mod_suphp, mod_security and general ispconfig integration

[Rustin]

I'm really new to ispconfig and so far am really pleased. In the past I have had a lot of trouble with clients implementing php code with poor input validation. This inevitably ends in fishing emails originating from my machine and worse. I have decided that on the new ispconfig server to somehow isolate user enviornments to better identify the bad code writers.
What I would like to implement is mod_security and mod_suphp. I have been hesitant to add any apache directives directly to the config files and have defaulted to adding them via the ispconfig interface.
Is there a general rule for where in a config file (that ispconfig writes to) it is ok to put additional options? Also, has anyone had any experience with implementing either of these modules with ispconfig?

thanks,
rustin

[till]

If the config file has a marker like :

### Make manual entries below this line ####

Then make manual entries only below the marker. If you want to add directives to an apache vhost, use the apache directives input field of the website in ISPConfig.