Friday, May 21, 2010

apache2 security

Checklist:
1. Protect/lock down configuration files to prevent modifications
2. Restrict access to key directories and files (chroot Apache's environment)
3. Validate all user input through field-size limitations, checks for illegal characters, and input range limits
4. Use only server-side validated data - don't rely on user-supplied input
5. Use name-based virtual hosting whenever possible - limit use of IP addresses
6. Log all requests and review logs daily
7. Limit other services (FTP)
8. Set the owner of Apache directories to root - ensure permissions are no greater than 755
9. Create a unique account (with unique UID/GID) for Apache - don't reuse other accounts and groups
10. No shell programs should be present in Apache's chrooted environment
11. Back up the apache2.conf file and other files, then alter them for more secure settings
12. Use only those modules that are absolutely necessary for the server to function:
e.g. http_core, mod_access, mod_auth, mod_dir, mod_log_config, mod_mime
13. Use other modules only if necessary
14. Install Apache on its own partition if possible
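The ownership, permission and no-shell-in-chroot points above can be audited with a couple of POSIX shell functions. This is an added example, not code from the original post; the directory paths in the comments are assumptions for a Debian-style layout and the expected owner is passed in explicitly.

```shell
#!/bin/sh
# Added audit helpers for the checklist above (not from the original post).
# audit_apache_perms OWNER DIR...  : every entry under the given directories
#   must be owned by OWNER (normally root) and must not be writable by group
#   or others, i.e. no more permissive than 755; setuid/setgid bits are
#   reported as well.
# audit_no_shells CHROOT           : no shell binary may exist inside the
#   chroot tree.
# Both print one line per finding and return 0 (clean) or 1 (findings).
# The paths shown in the example invocation at the bottom are assumptions.

audit_apache_perms() {
    owner="$1"
    shift
    status=0
    for dir in "$@"; do
        # POSIX find: -perm -MODE matches entries that have ALL bits of MODE
        # set, so -0020/-0002 catch group/other write, -4000/-2000 setuid/setgid.
        found=$(find "$dir" \( ! -user "$owner" -o -perm -0020 -o -perm -0002 \
                              -o -perm -4000 -o -perm -2000 \) -print)
        if [ -n "$found" ]; then
            printf '%s\n' "$found" | sed 's/^/owner or mode violation: /'
            status=1
        fi
    done
    return "$status"
}

audit_no_shells() {
    chroot_dir="$1"
    status=0
    # Common shell names; extend the list for interpreters installed on the host.
    for name in sh bash dash ksh csh tcsh zsh busybox; do
        found=$(find "$chroot_dir" -type f -name "$name" -print)
        if [ -n "$found" ]; then
            printf '%s\n' "$found" | sed 's/^/shell inside chroot: /'
            status=1
        fi
    done
    return "$status"
}

# Example invocation for a Debian/Ubuntu layout (paths are assumptions):
#   audit_apache_perms root /etc/apache2 /usr/lib/apache2/modules
#   audit_no_shells /var/www/chroot
```

Run it from cron alongside the daily log review so that a config file or module directory that drifts to group-writable, or a shell copied into the chroot, is reported the same day.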
