6/02/2011

Howto Secure Apache

1. Use the latest and most current version. Right now the latest is the Apache 2.2 series
2. Make sure you’ve installed all the latest security patches
3. Hide the Apache Version number, and other sensitive information
4. Make sure Apache is running under its own user account and group
5. Ensure that files outside the web root are not served
6. Turn off directory browsing (mod_autoindex)
7. Turn off server side includes (SSI)
8. Turn off CGI execution
9. Don’t allow Apache to use symbolic links
10. Turn off multiple Options
11. Turn off support for .htaccess files
12. Use the Apache mod_security module
13. Disable all unnecessary modules
14. Make sure only root has read access to Apache’s config and binaries
15. Lower the Timeout value
16. Limiting large requests
17. Limiting Concurrency
18. Restricting Access by IP
19. Adjusting KeepAlive settings
20. Run Apache in a Chroot environment
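
An httpd.conf fragment covering items 3 to 11 and 15 to 19 of the checklist, written in Apache 2.2 syntax. It is an added example, not part of the original post; the account name, paths, IP range and all numeric values are assumptions to adapt to your own server.

```apache
# Added example (Apache 2.2 syntax). Account name, paths, IP range and
# numeric values below are assumed placeholders, not recommendations
# taken from the original post.

# Item 3: hide version and OS details in headers and error pages
ServerTokens Prod
ServerSignature Off

# Item 4: dedicated unprivileged account (assumed name "apache")
User apache
Group apache

# Items 5, 9, 10, 11: deny the whole filesystem by default, with no
# Options (so no symlink following) and no .htaccess processing
<Directory />
    Order Deny,Allow
    Deny from all
    Options None
    AllowOverride None
</Directory>

# Items 5-8: open only the web root (assumed path), with directory
# indexes, SSI and CGI explicitly switched off
<Directory /var/www/html>
    Order Allow,Deny
    Allow from all
    Options -Indexes -Includes -ExecCGI -FollowSymLinks
    AllowOverride None
</Directory>

# Item 18: restrict a sensitive area (assumed path) to one network
<Directory /var/www/html/admin>
    Order Deny,Allow
    Deny from all
    Allow from 192.0.2.0/24
</Directory>

# Items 15-17, 19: shrink the resources a slow or oversized request can hold
Timeout 45                  # seconds to wait on I/O before giving up
LimitRequestBody 1048576    # reject request bodies over 1 MiB
MaxClients 150              # cap on simultaneous connections (prefork MPM)
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5          # seconds an idle keep-alive connection may linger
```

Run `apachectl configtest` after editing to catch syntax errors before restarting the server.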