diff --git a/install/tpl/apache_ispconfig.conf.master b/install/tpl/apache_ispconfig.conf.master
index 688283f50ebd76108ba4e882f67ea4e6b8cfccd8..8c2292d6a383192fe02ab9665a897c8745dc3bff 100644
--- a/install/tpl/apache_ispconfig.conf.master
+++ b/install/tpl/apache_ispconfig.conf.master
@@ -136,7 +136,7 @@ Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-know
         Allow from all
 		</tmpl_if>
         <IfModule mpm_itk_module>
-           AssignUserId www-data www-data
+           AssignUserId ispconfig ispconfig
         </IfModule>
 </Directory>
 
diff --git a/server/conf/apache_ispconfig.conf.master b/server/conf/apache_ispconfig.conf.master
index 040de236257467644fa4c644eb422bb4f2eee7ac..8c2292d6a383192fe02ab9665a897c8745dc3bff 100644
--- a/server/conf/apache_ispconfig.conf.master
+++ b/server/conf/apache_ispconfig.conf.master
@@ -15,24 +15,24 @@ CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m
 
 <Directory /var/www/clients>
     AllowOverride None
-  <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-  Require all denied
-  <tmpl_else>
-  Order Deny,Allow
-  Deny from all
-  </tmpl_if>
+	<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+	Require all denied
+	<tmpl_else>
+	Order Deny,Allow
+	Deny from all
+	</tmpl_if>
 </Directory>
 
 # Do not allow access to the root file system of the server for security reasons
 <Directory />
-  Options -Indexes
+	Options -Indexes
     AllowOverride None
-  <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-  Require all denied
-  <tmpl_else>
-  Order Deny,Allow
-  Deny from all
-  </tmpl_if>
+	<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+	Require all denied
+	<tmpl_else>
+	Order Deny,Allow
+	Deny from all
+	</tmpl_if>
 </Directory>
 
 <Directory /var/www>
@@ -41,103 +41,103 @@ CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m
 
 <Directory /var/www/conf>
     AllowOverride None
-  <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-  Require all denied
-  <tmpl_else>
-  Order Deny,Allow
-  Deny from all
-  </tmpl_if>
+	<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+	Require all denied
+	<tmpl_else>
+	Order Deny,Allow
+	Deny from all
+	</tmpl_if>
 </Directory>
 
 # Except of the following directories that contain website scripts
 <Directory /usr/share/phpmyadmin>
-    <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-    Require all granted
-    <tmpl_else>
+		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+		Require all granted
+		<tmpl_else>
         Order allow,deny
         Allow from all
-    </tmpl_if>
+		</tmpl_if>
 </Directory>
 
 <Directory /usr/share/phpMyAdmin>
-    <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-    Require all granted
-    <tmpl_else>
+		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+		Require all granted
+		<tmpl_else>
         Order allow,deny
         Allow from all
-    </tmpl_if>
+		</tmpl_if>
 </Directory>
 
 <Directory /srv/www/htdocs>
-    <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-    Require all granted
-    <tmpl_else>
+		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+		Require all granted
+		<tmpl_else>
         Order allow,deny
         Allow from all
-    </tmpl_if>
+		</tmpl_if>
 </Directory>
 
 <Directory /usr/share/squirrelmail>
-    <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-    Require all granted
-    <tmpl_else>
+		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+		Require all granted
+		<tmpl_else>
         Order allow,deny
         Allow from all
-    </tmpl_if>
+		</tmpl_if>
 </Directory>
 
 # Allow access to mailman on OpenSuSE
 <Directory /usr/lib/mailman/cgi-bin>
-    <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-    Require all granted
-    <tmpl_else>
+		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+		Require all granted
+		<tmpl_else>
         Order allow,deny
         Allow from all
-    </tmpl_if>
+		</tmpl_if>
 </Directory>
 
 <Directory /usr/lib/mailman/icons>
-    <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-    Require all granted
-    <tmpl_else>
+		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+		Require all granted
+		<tmpl_else>
         Order allow,deny
         Allow from all
-    </tmpl_if>
+		</tmpl_if>
 </Directory>
 
 <Directory /var/lib/mailman/archives/>
         Options +FollowSymLinks
-    <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-    Require all granted
-    <tmpl_else>
+		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+		Require all granted
+		<tmpl_else>
         Order allow,deny
         Allow from all
-    </tmpl_if>
+		</tmpl_if>
 </Directory>
 
 # allow path to awstats and alias for awstats icons
 <Directory /usr/share/awstats>
-    <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-    Require all granted
-    <tmpl_else>
+		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+		Require all granted
+		<tmpl_else>
         Order allow,deny
         Allow from all
-    </tmpl_if>
+		</tmpl_if>
 </Directory>
 
 Alias /awstats-icon "/usr/share/awstats/icon"
 
 Alias /.well-known/acme-challenge /usr/local/ispconfig/interface/acme/.well-known/acme-challenge
 <Directory /usr/local/ispconfig/interface/acme/.well-known/acme-challenge>
-    <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
-    Require all granted
-    <tmpl_else>
+		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+		Require all granted
+		<tmpl_else>
         Order allow,deny
         Allow from all
-    </tmpl_if>
-	<IfModule mpm_itk_module>
-       AssignUserId <tmpl_var name='system_user'> <tmpl_var name='system_group'>
-    </IfModule>
+		</tmpl_if>
+        <IfModule mpm_itk_module>
+           AssignUserId ispconfig ispconfig
+        </IfModule>
 </Directory>
 
 NameVirtualHost *:80
@@ -145,3 +145,29 @@ NameVirtualHost *:443
 <tmpl_loop name="ip_adresses">
 NameVirtualHost {tmpl_var name="ip_address"}:{tmpl_var name="port"}
 </tmpl_loop>
+
+<tmpl_if name='apache_version' op='>=' value='2.3.3' format='version'>
+<IfModule mod_ssl.c>
+  <tmpl_var name="ssl_comment">SSLStaplingCache shmcb:/var/run/ocsp(128000)
+</IfModule>
+</tmpl_if>
+
+<Directory /var/www/php-cgi-scripts>
+  AllowOverride None
+  <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+  Require all denied
+  <tmpl_else>
+  Order Deny,Allow
+  Deny from all
+  </tmpl_if>
+</Directory>
+
+<Directory /var/www/php-fcgi-scripts>
+  AllowOverride None
+  <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+  Require all denied
+  <tmpl_else>
+  Order Deny,Allow
+  Deny from all
+  </tmpl_if>
+</Directory>