5.5. Securing the Apache HTTP Server

The Apache HTTP Server is one of the most stable and secure services that ships with Red Hat Enterprise Linux. There are an overwhelming number of options and techniques available to secure the Apache HTTP Server — too numerous to delve into deeply here.
It is important when configuring the Apache HTTP Server to read the documentation available for the application. This includes the chapter titled Apache HTTP Server in the Reference Guide, the chapter titled Apache HTTP Server Configuration in the System Administrators Guide.
Below is a list of configuration options administrators should be careful using.

5.5.1. FollowSymLinks

This directive is enabled by default, be sure to use caution when creating symbolic links to the document root of the Web server. For instance, it is a bad idea to provide a symbolic link to /.