Hello,
I was assigned with the task of preparing a security policy for Apache HTTP
servers in my company and, despite I have a few years of experience with it
(mostly v2.2), I'd like to have a more formal reference material on which I
could base the policy.
Please, is there any good (and not
Check out the NIST and DISA checklist and STIG docs, they are good places
to start - their checks are based on industry best practices and Apache
httpd CVEs.
http://iase.disa.mil/stigs/downloads/zip/unclassified_web_srr_checklist_apache_v6r1-12_20100423.zip
