Running httpd in the chroot(2) Environment

You can make significant progress toward a secure environment by running your httpd in a chroot'd environment. A process that has been forced to run chroot'd treats the hierarchy beneath the chroot'd directory as its entire filesystem and cannot access anything outside it. This implies that the DocumentRoot must be set up as a complete, minimal filesystem, including shared libraries and possibly certain devices, to allow the httpd process to run. Implementing this is nontrivial, and you should consult the documentation for your operating system to do it correctly. If you're really worried about the security of the rest of your filesystem, however, it's a very reassuring alternative.
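The "complete, minimal filesystem, including shared libraries" step can be scripted. The following is an added example, not part of the original text: it copies one binary and the libraries that ldd reports into a jail directory, then lists anything still missing. The function names and the reliance on a Linux-style ldd are assumptions; device nodes and configuration files are not handled.

```shell
#!/bin/sh
# Added example: hypothetical helpers for populating a chroot tree.
# Run ldd only on binaries you trust; it may execute code from the file.

# list_libs BINARY: print absolute paths of shared objects reported by ldd.
list_libs() {
    # ldd prints "name => /path (addr)" or "/path (addr)"; keep the paths.
    # A static binary makes ldd fail, which simply yields an empty list.
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3 }
        $1 ~ /^\//               { print $1 }' | sort -u
}

# copy_into JAIL FILE: copy FILE to JAIL/FILE, keeping its path.
copy_into() {
    jail=$1 src=$2
    mkdir -p "$jail$(dirname "$src")" || return 1
    # -L follows symlinks so the jail holds real files, not dangling links.
    cp -L "$src" "$jail$src"
}

# populate_jail JAIL BINARY: build the minimal tree for one program.
populate_jail() {
    jail=$1 bin=$2
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 1; }
    case $bin in /*) ;; *) echo "need absolute path: $bin" >&2; return 1 ;; esac
    mkdir -p "$jail" || return 1
    copy_into "$jail" "$bin" || return 1
    for lib in $(list_libs "$bin"); do
        copy_into "$jail" "$lib" || return 1
    done
    # Device nodes such as /dev/null need root and mknod; not created here.
}

# missing_libs JAIL BINARY: print libraries the jail still lacks.
missing_libs() {
    for lib in $(list_libs "$2"); do
        [ -e "$1$lib" ] || echo "$lib"
    done
}
```

Running missing_libs again after each server upgrade shows whether the jail has fallen behind the libraries the new binary links against.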
