Here is some of my advice on what would provide a more secure Apache server:
- Patch your server and try to keep it as up to date as possible.
- Remove all sample scripts of add-on modules (mod_php, mod_cgi, mod_perl, etc.).
- If running PHP, CGI, and other scripting languages, consider using suEXEC, a wrapper program called by Apache that lets it run scripts under a different user ID than the one Apache itself uses.
- Don’t allow uploads of any scripts into your web server by untrusted parties.
- Read about all vulnerabilities of any open-source projects that you install, such as phpBB forums.
- Don’t run the web server as root. Create a user with minimal rights to run the web server.
- Modify the response token for your web server. It’s harder for an attacker to bring it down when he or she doesn’t know what web server you are running.
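
As an added example (not part of the original advice), the sketch below checks an Apache configuration for three of the items above: the server user, the `ServerTokens` setting, and CGI served without suEXEC. Both sample configs are constructed, the account names are hypothetical, and the parser assumes a single flat file.

```python
# Constructed sample configs for the demo (not from the original post).
WEAK_CONF = """\
User root
Group root
ServerTokens Full
<VirtualHost *:80>
    ScriptAlias /cgi-bin/ /var/www/cgi-bin/
</VirtualHost>
"""

HARDENED_CONF = """\
# 'apache-svc', 'siteuser' and 'sitegroup' are hypothetical low-privilege accounts
User apache-svc
Group apache-svc
ServerTokens Prod
<VirtualHost *:80>
    SuexecUserGroup siteuser sitegroup
    ScriptAlias /cgi-bin/ /var/www/cgi-bin/
</VirtualHost>
"""

def parse_directives(conf_text):
    """Map lower-cased directive name -> last argument string seen.
    Simplification: section tags (<VirtualHost> etc.) are ignored, so the
    file is treated as one flat scope and Include files are not followed."""
    seen = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        parts = line.split(None, 1)
        seen[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return seen

def audit(conf_text):
    """Return finding codes for three items from the list above."""
    conf = parse_directives(conf_text)
    findings = []
    if conf.get("user", "").lower() in ("root", "#0"):
        findings.append("runs-as-root")
    # ServerTokens defaults to Full when unset; Prod sends only "Server: Apache".
    if conf.get("servertokens", "full").lower() not in ("prod", "productonly"):
        findings.append("verbose-server-header")
    if "scriptalias" in conf and "suexecusergroup" not in conf:
        findings.append("cgi-without-suexec")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(text))
```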