Apache

20 ways to secure Apache

Posted June 21st, 2006 in
These steps are from Pete Freitag's Homepage.
  1. First, make sure you've installed latest security patches.
  2. Hide the Apache Version number, and other sensitive information.
  3. Make sure apache is running under its own user account and group.
  4. Ensure that files outside the web root are not served.
  5. Turn off directory browsing.
  6. Turn off server side includes.
  7. Turn off CGI execution.
  8. Don't allow apache to follow symbolic links.
  9. Turn off multiple Options.
  10. Turn off support for .htaccess files.