Security and privacy

Hello,

Having read through the documentation on docs.moodle.org and some of the posts on this forum I cannot find a definative guide on how to set up your httpd.conf file for Moodle so that the Apache Server runs in a 'production' type mode with all of the security required to reduce the chance of hackers getting into your system.

I have been reading in books and on the internet (http://www.petefreitag.com/item/505.cfm and http://httpd.apache.org/docs/2.2/platform/windows.html) about httpd.conf directives that secure your server - especially as most free WAMPs are presented as for 'development' use only. One website even suggested that Apache should not be run on Windows and to use a LAMP server instead. Even though I would be happy to install Ubuntu etc. This is just not viable for the system run by my employer.

So, can anybody suggest / post a really good 'production' level httpd.conf extract for Moodle (and any other tweaks)?

Thanks,

Gareth