If apache is ever compromised, the attacker will not have access to the entire file system.
Poorly written CGI scripts that may allow someone to access your server will not work.
There are extra libraries you'll need to have in the chroot jail for Apache to work.
If you use any Perl/CGI features with Apache, you will need to copy the needed binaries, Perl libraries and files to the appropriate spot within the chroot space. The same applies for SSL, PHP, LDAP, PostgreSQL and other third-party programs.
The above commands will enable the Audit Engine, which is responsible for logging requests, and the Filtering POST Engine, which will make it possible to log POST requests. In order to protect web application against CSS attacks, the following lines should also be inserted before "</IfModule>":
One of the typical signatures of SQL Injection attack is the appearance of an apostrophe (') or quotation mark (") in the GET or POST request. By rejecting all the requests containing those characters, we can make the use of SQL Injection technique very difficult: