I'm interested in using mod_security with the ispconfig control panel vhost (default port 8080), has anyone taken the time to identify what rule id's typically get tripped up / need disabled there? The best (almost only) info I've seen is dated, in the comments from https://git.ispconfig.org/ispconfig/ispconfig3/issues/2511 - I'm working with the recently released CRS 3, which surely would need a fresh start in configuring. I'll probably run a while in DetectionOnly mode while sorting through this, but there are some things I don't have the setup to test (use of the remote api in particular). I'm also curious if this type of config would be wanted/received in upstream, after thorough testing? Ie. rather than just disable mod_security, properly configure it.