Mod_security rules go where on vps?


I would like to add some custom mod_security rules on our vps server. Where exactly do they go?? In an .htaccess file for each hosted site? Or in /dh/apache2/-apache2-psxxxxx/etc? Would be nice to have the rules apply to all sites, so I would like to stay away from a per site .htaccess file.

I see quite a few templates in /dh/apache2/template/etc and /dh/apache2/template/etc/mod_sec2, but I’m not sure which are actually being used, if any.

Thanks for any pointers.