I'm really new to ispconfig and so far am really pleased. In the past I have had a lot of trouble with clients implementing php code with poor input validation. This inevitably ends in fishing emails originating from my machine and worse. I have decided that on the new ispconfig server to somehow isolate user enviornments to better identify the bad code writers. What I would like to implement is mod_security and mod_suphp. I have been hesitant to add any apache directives directly to the config files and have defaulted to adding them via the ispconfig interface. Is there a general rule for where in a config file (that ispconfig writes to) it is ok to put additional options? Also, has anyone had any experience with implementing either of these modules with ispconfig? thanks, rustin
If the config file has a marker like : ### Make manual entries below this line #### Then make manual entries only below the marker. If you want to add directives to an apache vhost, use the apache directives input field of the website in ISPConfig.
