If you're going to compile and install Apache from source, use the Apache Toolbox.
Want to rotate all of your separate VirtualHost log files without restarting Apache? Use a little-known tool that comes with Apache called rotatelogs(8).
Change your TransferLog lines to:
TransferLog "|/path/to/rotatelogs /your/log/file.log 64800"
Read the ManPage for more information, or replace with CronoLog which has more features.
Probably the biggest problem. Upload and CGI directories need to be distinct (so people can't upload "improved" CGI scripts) and as small as possible.
Apache2 makes it easier to run different scripts or even different Virtual Hosts as different users, rather than as the user that Apache is running as.
Running in a chroot prison limits the damage than can be done should an application be compromised. See chroot(2) for details. Apache2 has better support for this.
See also:
You probably should FireWall the Apache user from connecting out to the InterNet unless you know that they actually have to. Doing this prevents a lot of exploits that people will attempt against your WebSite. The same idea can be applied to other services.
iptables --insert OUTPUT --match owner --uid-owner www-data --protocol tcp --syn --jump REJECT iptables --insert OUTPUT --match owner --uid-owner www-data --protocol tcp --syn --jump LOG
You can have additional information displayed at the top and bottom of a mod_autoindex directory listing by putting the text in a file called HEADER and README, respectively. Either file can any have FileExtension (or none). To enable this feature, you will need MultiViews on to be in effect for that request.
2 pages link to ApacheNotes: