diff --git a/actions/admin/settings/136.phpfpm.php b/actions/admin/settings/136.phpfpm.php
index 13e733ae..a62f0c2f 100644
--- a/actions/admin/settings/136.phpfpm.php
+++ b/actions/admin/settings/136.phpfpm.php
@@ -86,7 +86,39 @@ return array(
 					'default' => false,
 					'visible' => Settings::Get('system.apache24'),
 					'save_method' => 'storeSettingField'
-					)
+					),
+				'system_phpfpm_ini_flags' => array(
+					'label' => $lng['phpfpm']['ini_flags'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'ini_flags',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_phpfpm_ini_values' => array(
+					'label' => $lng['phpfpm']['ini_values'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'ini_values',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_phpfpm_ini_admin_flags' => array(
+					'label' => $lng['phpfpm']['ini_admin_flags'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'ini_admin_flags',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_phpfpm_ini_admin_values' => array(
+					'label' => $lng['phpfpm']['ini_admin_values'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'ini_admin_values',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				)
 				),
 			),
 		),
diff --git a/install/froxlor.sql b/install/froxlor.sql
index cbcae082..fd762195 100644
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -423,6 +423,102 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('phpfpm', 'vhost_defaultini', '2'),
 	('phpfpm', 'fastcgi_ipcdir', '/var/lib/apache2/fastcgi/'),
 	('phpfpm', 'use_mod_proxy', '0'),
+	('phpfpm', 'ini_flags', 'asp_tags
+display_errors
+display_startup_errors
+html_errors
+log_errors
+magic_quotes_gpc
+magic_quotes_runtime
+magic_quotes_sybase
+mail.add_x_header
+session.cookie_secure
+session.use_cookies
+short_open_tag
+track_errors
+xmlrpc_errors
+suhosin.simulation
+suhosin.session.encrypt
+suhosin.session.cryptua
+suhosin.session.cryptdocroot
+suhosin.cookie.encrypt
+suhosin.cookie.cryptua
+suhosin.cookie.cryptdocroot
+suhosin.executor.disable_eval
+mbstring.func_overload'),
+	('phpfpm', 'ini_values', 'auto_append_file
+auto_prepend_file
+date.timezone
+default_charset
+error_reporting
+include_path
+log_errors_max_len
+mail.log
+max_execution_time
+session.cookie_domain
+session.cookie_lifetime
+session.cookie_path
+session.name
+session.serialize_handler
+upload_max_filesize
+xmlrpc_error_number
+session.auto_start
+always_populate_raw_post_data
+suhosin.session.cryptkey
+suhosin.session.cryptraddr
+suhosin.session.checkraddr
+suhosin.cookie.cryptkey
+suhosin.cookie.plainlist
+suhosin.cookie.cryptraddr
+suhosin.cookie.checkraddr
+suhosin.executor.func.blacklist
+suhosin.executor.eval.whitelist'),
+	('phpfpm', 'ini_admin_flags', 'allow_call_time_pass_reference
+allow_url_fopen
+allow_url_include
+auto_detect_line_endings
+cgi.fix_pathinfo
+cgi.force_redirect
+enable_dl
+expose_php
+file_uploads
+ignore_repeated_errors
+ignore_repeated_source
+log_errors
+register_argc_argv
+report_memleaks
+opcache.enable
+opcache.consistency_checks
+opcache.dups_fix
+opcache.load_comments
+opcache.revalidate_path
+opcache.save_comments
+opcache.use_cwd
+opcache.validate_timestamps
+opcache.fast_shutdown'),
+	('phpfpm', 'ini_admin_values', 'cgi.redirect_status_env
+date.timezone
+disable_classes
+disable_functions
+error_log
+gpc_order
+max_input_time
+max_input_vars
+memory_limit
+open_basedir
+output_buffering
+post_max_size
+precision
+sendmail_path
+session.gc_divisor
+session.gc_probability
+variables_order
+opcache.log_verbosity_level
+opcache.restrict_api
+opcache.revalidate_freq
+opcache.max_accelerated_files
+opcache.memory_consumption
+opcache.interned_strings_buffer'),
 	('nginx', 'fastcgiparams', '/etc/nginx/fastcgi_params'),
 	('system', 'lastaccountnumber', '0'),
 	('system', 'lastguid', '9999'),
@@ -590,7 +686,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
 	('panel', 'customer_hide_options', ''),
 	('panel', 'version', '0.9.38.8'),
-	('panel', 'db_version', '201801101');
+	('panel', 'db_version', '201801110');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;
diff --git a/install/updates/froxlor/0.9/update_0.9.inc.php b/install/updates/froxlor/0.9/update_0.9.inc.php
index 9891df2b..e9e1e39e 100644
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
@@ -3761,3 +3761,107 @@ if (isDatabaseVersion('201801100')) {
 
 	updateToDbVersion('201801101');
 }
+
+if (isDatabaseVersion('201801101')) {
+
+	showUpdateStep("Adding dynamic php-fpm php.ini settings");
+	Settings::AddNew('phpfpm.ini_flags', 'asp_tags
+display_errors
+display_startup_errors
+html_errors
+log_errors
+magic_quotes_gpc
+magic_quotes_runtime
+magic_quotes_sybase
+mail.add_x_header
+session.cookie_secure
+session.use_cookies
+short_open_tag
+track_errors
+xmlrpc_errors
+suhosin.simulation
+suhosin.session.encrypt
+suhosin.session.cryptua
+suhosin.session.cryptdocroot
+suhosin.cookie.encrypt
+suhosin.cookie.cryptua
+suhosin.cookie.cryptdocroot
+suhosin.executor.disable_eval
+mbstring.func_overload');
+	Settings::AddNew('phpfpm.ini_values', 'auto_append_file
+auto_prepend_file
+date.timezone
+default_charset
+error_reporting
+include_path
+log_errors_max_len
+mail.log
+max_execution_time
+session.cookie_domain
+session.cookie_lifetime
+session.cookie_path
+session.name
+session.serialize_handler
+upload_max_filesize
+xmlrpc_error_number
+session.auto_start
+always_populate_raw_post_data
+suhosin.session.cryptkey
+suhosin.session.cryptraddr
+suhosin.session.checkraddr
+suhosin.cookie.cryptkey
+suhosin.cookie.plainlist
+suhosin.cookie.cryptraddr
+suhosin.cookie.checkraddr
+suhosin.executor.func.blacklist
+suhosin.executor.eval.whitelist');
+	Settings::AddNew('phpfpm.ini_admin_flags', 'allow_call_time_pass_reference
+allow_url_fopen
+allow_url_include
+auto_detect_line_endings
+cgi.fix_pathinfo
+cgi.force_redirect
+enable_dl
+expose_php
+file_uploads
+ignore_repeated_errors
+ignore_repeated_source
+log_errors
+register_argc_argv
+report_memleaks
+opcache.enable
+opcache.consistency_checks
+opcache.dups_fix
+opcache.load_comments
+opcache.revalidate_path
+opcache.save_comments
+opcache.use_cwd
+opcache.validate_timestamps
+opcache.fast_shutdown');
+	Settings::AddNew('phpfpm.ini_admin_values', 'cgi.redirect_status_env
+date.timezone
+disable_classes
+disable_functions
+error_log
+gpc_order
+max_input_time
+max_input_vars
+memory_limit
+open_basedir
+output_buffering
+post_max_size
+precision
+sendmail_path
+session.gc_divisor
+session.gc_probability
+variables_order
+opcache.log_verbosity_level
+opcache.restrict_api
+opcache.revalidate_freq
+opcache.max_accelerated_files
+opcache.memory_consumption
+opcache.interned_strings_buffer');
+	lastStepStatus(0);
+
+	updateToDbVersion('201801110');
+}
diff --git a/lib/classes/phpinterface/class.phpinterface_fpm.php b/lib/classes/phpinterface/class.phpinterface_fpm.php
index 0509666a..f72a2410 100644
--- a/lib/classes/phpinterface/class.phpinterface_fpm.php
+++ b/lib/classes/phpinterface/class.phpinterface_fpm.php
@@ -48,112 +48,7 @@ class phpinterface_fpm
 	 *
 	 * @var array
 	 */
-	private $_ini = array(
-		'php_value' => array(
-			'auto_append_file',
-			'auto_prepend_file',
-			'date.timezone',
-			'default_charset',
-			'error_reporting',
-			'include_path',
-			'log_errors_max_len',
-			'mail.log',
-			'max_execution_time',
-			'session.cookie_domain',
-			'session.cookie_lifetime',
-			'session.cookie_path',
-			'session.name',
-			'session.serialize_handler',
-			'upload_max_filesize',
-			'xmlrpc_error_number',
-			'session.auto_start',
-			'always_populate_raw_post_data',
-			'suhosin.session.cryptkey',
-			'suhosin.session.cryptraddr',
-			'suhosin.session.checkraddr',
-			'suhosin.cookie.cryptkey',
-			'suhosin.cookie.plainlist',
-			'suhosin.cookie.cryptraddr',
-			'suhosin.cookie.checkraddr',
-			'suhosin.executor.func.blacklist',
-			'suhosin.executor.eval.whitelist'
-		),
-		'php_flag' => array(
-			'asp_tags',
-			'display_errors',
-			'display_startup_errors',
-			'html_errors',
-			'log_errors',
-			'magic_quotes_gpc',
-			'magic_quotes_runtime',
-			'magic_quotes_sybase',
-			'mail.add_x_header',
-			'session.cookie_secure',
-			'session.use_cookies',
-			'short_open_tag',
-			'track_errors',
-			'xmlrpc_errors',
-			'suhosin.simulation',
-			'suhosin.session.encrypt',
-			'suhosin.session.cryptua',
-			'suhosin.session.cryptdocroot',
-			'suhosin.cookie.encrypt',
-			'suhosin.cookie.cryptua',
-			'suhosin.cookie.cryptdocroot',
-			'suhosin.executor.disable_eval',
-			'mbstring.func_overload'
-		),
-		'php_admin_value' => array(
-			'cgi.redirect_status_env',
-			'date.timezone',
-			'disable_classes',
-			'disable_functions',
-			'error_log',
-			'gpc_order',
-			'max_input_time',
-			'max_input_vars',
-			'memory_limit',
-			'open_basedir',
-			'output_buffering',
-			'post_max_size',
-			'precision',
-			'sendmail_path',
-			'session.gc_divisor',
-			'session.gc_probability',
-			'variables_order',
-			'opcache.log_verbosity_level',
-			'opcache.restrict_api',
-			'opcache.revalidate_freq',
-			'opcache.max_accelerated_files',
-			'opcache.memory_consumption',
-			'opcache.interned_strings_buffer'
-		),
-		'php_admin_flag' => array(
-			'allow_call_time_pass_reference',
-			'allow_url_fopen',
-			'allow_url_include',
-			'auto_detect_line_endings',
-			'cgi.fix_pathinfo',
-			'cgi.force_redirect',
-			'enable_dl',
-			'expose_php',
-			'file_uploads',
-			'ignore_repeated_errors',
-			'ignore_repeated_source',
-			'log_errors',
-			'register_argc_argv',
-			'report_memleaks',
-			'opcache.enable',
-			'opcache.consistency_checks',
-			'opcache.dups_fix',
-			'opcache.load_comments',
-			'opcache.revalidate_path',
-			'opcache.save_comments',
-			'opcache.use_cwd',
-			'opcache.validate_timestamps',
-			'opcache.fast_shutdown'
-		)
-	);
+	private $_ini = array();
 
 	/**
 	 * main constructor
@@ -165,6 +60,17 @@ class phpinterface_fpm
 		}
 		$this->_domain = $domain;
 		$this->_readFpmConfig($domain['fpm_config_id']);
+		$this->_buildIniMapping();
+	}
+
+	private function _buildIniMapping()
+	{
+		$this->_ini = array(
+			'php_flag' => explode("\n", Settings::Get('phpfpm.ini_flags')),
+			'php_value' => explode("\n", Settings::Get('phpfpm.ini_values')),
+			'php_admin_flag' => explode("\n", Settings::Get('phpfpm.ini_admin_flags')),
+			'php_admin_value' => explode("\n", Settings::Get('phpfpm.ini_admin_values'))
+		);
 	}
 
 	private function _readFpmConfig($fpm_config_id)
diff --git a/lib/version.inc.php b/lib/version.inc.php
index ac4adb0f..4f1da38b 100644
--- a/lib/version.inc.php
+++ b/lib/version.inc.php
@@ -19,7 +19,7 @@
 $version = '0.9.38.8';
 
 // Database version (YYYYMMDDC where C is a daily counter)
-$dbversion = '201801101';
+$dbversion = '201801110';
 
 // Distribution branding-tag (used for Debian etc.)
 $branding = '';
diff --git a/lng/english.lng.php b/lng/english.lng.php
index 6f81978a..831893f2 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -2096,3 +2096,7 @@ $lng['serversettings']['ssl']['ssl_protocols']['title'] = 'Configure the TLS pro
 $lng['serversettings']['ssl']['ssl_protocols']['description'] = 'This is a list of ssl protocols that you want (or don\'t want) to use when using SSL. <b>Notice:</b> Some older browsers may not support the newest protcol versions.<br /><br /><b>Default value is:</b><pre>TLSv1, TLSv1.2</pre>';
 $lng['serversettings']['phpfpm_settings']['limit_extensions']['title'] = 'Allowed extensions';
 $lng['serversettings']['phpfpm_settings']['limit_extensions']['description'] = 'Limits the extensions of the main script FPM will allow to parse. This can prevent configuration mistakes on the web server side. You should only limit FPM to .php extensions to prevent malicious users to use other extensions to execute php code. Default value: .php';
+$lng['phpfpm']['ini_flags'] = 'Enter possible <strong>php_flag</strong>s for php.ini. One entry per line';
+$lng['phpfpm']['ini_values'] = 'Enter possible <strong>php_value</strong>s for php.ini. One entry per line';
+$lng['phpfpm']['ini_admin_flags'] = 'Enter possible <strong>php_admin_flag</strong>s for php.ini. One entry per line';
+$lng['phpfpm']['ini_admin_values'] = 'Enter possible <strong>php_admin_value</strong>s for php.ini. One entry per line';
diff --git a/lng/german.lng.php b/lng/german.lng.php
index f67f55f5..9ccfa6da 100644
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -1747,3 +1747,7 @@ $lng['serversettings']['ssl']['ssl_protocols']['title'] = 'SSL Protokollversion
 $lng['serversettings']['ssl']['ssl_protocols']['description'] = 'Dies ist eine Liste von SSL/TLS Protokollversionen die genutzt werden sollen (oder auch nicht genutzt werden sollen), wenn SSL verwendet wird. <b>Hinweis:</b> Ältere Browser sind möglicherweise nicht vollständig zum neusten Protokoll kompatibel.<br /><br /><b>Standard-Wert ist:</b><pre>TLSv1, TLSv1.2</pre>';
 $lng['serversettings']['phpfpm_settings']['limit_extensions']['title'] = 'Erlaubte Dateiendungen';
 $lng['serversettings']['phpfpm_settings']['limit_extensions']['description'] = 'Beschränkt die Dateierweiterungen des Haupt-Skripts, das FPM zu parsen erlaubt. Dies kann Konfigurationsfehler auf der Webserverseite verhindern. Sie sollten FPM nur auf .php Erweiterungen beschränken, um zu verhindern, dass bösartige Nutzter andere Erweiterungen verwenden, um PHP Code auszuführen. Standardwert: .php';
+$lng['phpfpm']['ini_flags'] = 'Mögliche <strong>php_flag</strong>s für die php.ini. Pro Zeile eine Direktive';
+$lng['phpfpm']['ini_values'] = 'Mögliche <strong>php_value</strong>s für die php.ini. Pro Zeile eine Direktive';
+$lng['phpfpm']['ini_admin_flags'] = 'Mögliche <strong>php_admin_flag</strong>s für die php.ini. Pro Zeile eine Direktive';
+$lng['phpfpm']['ini_admin_values'] = 'Mögliche <strong>php_admin_value</strong>s für die php.ini. Pro Zeile eine Direktive';