The Deny Directive for the OS root should be configured appropriately (1) all | hostname/IP address/environment variable (1) Deny directive L1 13. Access Control Directives p21 1.7 Restricting Access p14-15 CIS Apache Benchmark for Unix v1.7 For Apache Versions 1.3 and 2.0 CIS 2007-07-01 Version 1.7 Prose (PDF) Security Configuration Benchmark For Apache Web Server CIS 2008-11-01 Version 2.2.0 Prose (PDF)