Basic security settings every Apache server must have

  • 2020-05-09 19:44:39
  • OfStack

Apache is the web server software with the largest market share in the world, known for easy installation and stability. The default installation has fairly relaxed restrictions, so you can apply the following settings to strengthen its security.

1. Hide version information:
# Do not output footer information
ServerSignature Off
# Do not output Apache version information
ServerTokens Prod

2. Run as a low-privilege user:
User nobody
Group nobody

3. Website directory settings:
<Directory "/var/www/html">
# Disable directory browsing and following links to other directories
#Options Indexes FollowSymLinks
# Disable .htaccess
AllowOverride None
# Limit the accessible directory to prevent cross-site access; separate multiple directories with ":"
php_admin_value open_basedir /var/www/html/
Order allow,deny
Allow from all
</Directory>

4. Hide the PHP version: edit the PHP configuration file php.ini and add or modify:
expose_php = Off

5. Disable modules that do not need to be loaded
The following modules are usually enabled but rarely needed:
mod_imap, mod_include, mod_info, mod_userdir, mod_status, mod_cgi, mod_autoindex

6. Use the security module mod_security
You can search for articles about "mod_security" for details.

7. Disable directory browsing
You can do this with the Options directive inside the <Directory> block. Set Options to None or -Indexes.
Options -Indexes

8. Disable server-side includes
You can do this with the Options directive inside the <Directory> block. Set Options to None or -Includes.
Options -Includes

9. Disable CGI execution
If you don't use CGI, turn it off. Set Options to None or -ExecCGI in the <Directory> block:
Options -ExecCGI
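
The settings from the steps above can be checked mechanically. The following Python script is an added example, not part of the original article: it scans a constructed sample configuration and reports ServerTokens, ServerSignature, User, AllowOverride and Options values that contradict those steps. The function name audit and the sample paths are assumptions, and it reads only explicit directives without modelling Apache's option inheritance.

```python
import re

# Constructed sample configuration for the demo (not from a real server).
SAMPLE_CONF = '''
ServerTokens OS
ServerSignature Off
User nobody
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride All
</Directory>
<Directory "/var/www/html/static">
    Options -Indexes -Includes -ExecCGI
    AllowOverride None
</Directory>
'''

# Options values the article turns off; a leading "-" disables, bare or "+" enables.
RISKY = {"indexes", "includes", "execcgi", "all"}

def audit(conf):
    """Return (scope, message) findings for the settings listed in the article."""
    findings, scope, tokens = [], "global", None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            scope = opened.group(1)
        elif line.lower().startswith("</directory"):
            scope = "global"
        else:
            name, *args = line.split()
            name, args = name.lower(), [a.lower() for a in args]
            if name == "servertokens":
                tokens = args[0] if args else None
            elif name == "serversignature" and args[:1] != ["off"]:
                findings.append((scope, "ServerSignature is not Off"))
            elif name == "user" and args[:1] in (["root"], ["#0"]):
                findings.append((scope, "server runs as root"))
            elif name == "allowoverride" and args != ["none"]:
                findings.append((scope, "AllowOverride permits .htaccess"))
            elif name == "options":
                on = sorted(a.lstrip("+") for a in args if a.lstrip("+") in RISKY)
                if on:
                    findings.append((scope, "Options enables " + ", ".join(on)))
    if tokens not in ("prod", "productonly"):  # unset means Apache's default, Full
        findings.append(("global", "ServerTokens is not Prod"))
    return findings
```

Calling audit(SAMPLE_CONF) flags the first <Directory> block and the ServerTokens line; the second block passes.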
