Limiting a single client's website's cpu?

We are running a cpanel server for multiple customers, generally with no issues. Apache, php, sql, etc all normally run smoothly. The machine's normal cpu load is on the order of 0.30, and is very well responsive

ONE client has a website designed in php, in such a way that when it is accessed repeatedly and rapidly, such as when it is being re-indexed by a webcrawler, the multiple simultaneous web accesses drive the cpu load up to 4.0 and higher, slowing the entire machine down if I let it climb further.

A bit of googling suggests that I can set per-username limits via /etc/security/limits.conf for "priority" and/or "nice". And my minor bit of testing shows that any such limits I add there take effect immediately upon a new login.

But the Apache httpd process does not pass such limits down when it forks. The php process is seeming to be running with Apache's own niceness (0), and not what I define in the limits.conf file. "top" shows that the "NI" for their php processes remains at 0, the "PR" column shows either 16 or 17, regardless of whether I set theirs to 5 or 19.

All the other websites on this server are "well behaved"; what can I do to limit the impact of a single user's poorly written php, without affecting everybody else's?