In this artile I am explaining some ways to secure apache.
1 . Stay Updated
Make sure that you are installing latest updates.
2. Hide Apache version
If you do not turn this off, anyone can check which version of apache you are running by just telnet-ing to its port. So always disable this. To do this add the following to your httpd.conf
ServerSignature Off ServerTokens Prod
The ServerSignature directive adds a line containing the Apache HTTP Server server version and the ServerName to any server-generated documents, such as error messages sent back to clients. ServerSignature is set to on by default
The ServerTokens directive is used to determine what Apache will put in the Server HTTP response header. By setting it to Prod it sets the HTTP response header as follows:
3. Apache user:group
It is common that in many servers both apache and (mail server or mysql) running under the user nobody. So if a hacker is through this it is harmful to all services. So make sure that apache is running under its own user. Open httpd.conf and make the following changes.
User apache Group apache