The user directories that ISPConfig supports is something a bit old fashion for hosting these days. Unless you're at a university, I don't expect anyone to be using this feature. Also, with it enabled, HackerSafe and ScanAlert complain that it's a security vulnerability being able to guess usernames.
The offending lines in Vhosts_ispconfig.conf:
AliasMatch ^/~([^/]+)(/(.*))? /home/www/web1/user/$1/web/$3 AliasMatch ^/users/([^/]+)(/(.*))? /home/www/web1/user/$1/web/$3
First, copy the default vhost configuration file to the customized_templates:
cp /root/ispconfig/isp/conf/vhost.conf.master /root/ispconfig/isp/conf/customized_templates/
Next, edit the new file /root/ispconfig/isp/conf/customized_templates/vhost.conf.master to delete the following lines:
AliasMatch ^/~([^/]+)(/(.*))? {HTTPD_ROOT}/{WEB}/user/$1/web/$3 AliasMatch ^/users/([^/]+)(/(.*))? {HTTPD_ROOT}/{WEB}/user/$1/web/$3
For https virtual hosts, ISPConfig does not currently provide a template. Instead, you will need to edit a php file.
edit /root/ispconfig/scripts/lib/config.lib.php:
Around line 1569 or 1603 (depending on version) delete the following lines:
AliasMatch ^/~([^/]+)(/(.*))? ".$mod->system->server_conf["server_path_httpd_root"]."/web".$web["doc_id"]."/user/$1/web/$3 AliasMatch ^/users/([^/]+)(/(.*))? ".$mod->system->server_conf["server_path_httpd_root"]."/web".$web["doc_id"]."/user/$1/web/$3