Hey gang. I found this on Security Focus today. It seems like a pretty good guide. Let me know what you think.

Before we start securing Apache, we must specify what functionality we expect from the server. Variety of Apache's use makes it difficult to write a universal procedure to secure the server in every case. That's why in this article we'll base on the following functionality:

-the Web server will be accessible from the Internet only static HTML pages will be served

-the server will support name-based virtual hosting mechanism

-specified Web pages can be accessible only from selected IP addresses or users (basicauthentication)

-the server will log all the Web requests (including information about Web browsers)
Get the full article here.

Enjoy.