Asking for advice on Apache security configuration


My httpd.conf is configured as follows (comments have been removed):
<IfModule mpm_prefork_module>
    StartServers          5
    MinSpareServers       5
    MaxSpareServers      10
    MaxClients          150
    MaxRequestsPerChild   0
</IfModule>
MaxRequestsPerChild  0
ServerRoot "E:/AppServ/Apache2.2"
Listen 80
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
UseCanonicalName Off
AccessFileName .htaccess
HostnameLookups Off
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule php5_module E:/AppServ/php5/php5apache2_2.dll
ServerAdmin admin@admin.com
ServerName 192.168.10.1:80
DocumentRoot "E:/AppServ/www"
# Block directory scanning
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
    Satisfy all
</Directory>
# Block directory scanning
<Directory "E:/AppServ/www">
    Options None
    AllowOverride None
    Order deny,allow
    Allow from all
</Directory>
<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
</FilesMatch>
ErrorLog logs/error.log
LogLevel warn
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog logs/access.log common
</IfModule>
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "E:/AppServ/www/cgi-bin/"
</IfModule>
<Directory "E:/AppServ/www/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>
<IfModule mod_php5.c>
  AddType application/x-httpd-php .php
  AddType application/x-httpd-php .php3
  AddType application/x-httpd-php-source .phps
</IfModule>
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Alias /icons/ "E:/AppServ/Apache2.2/icons/"
<Directory "E:/AppServ/Apache2.2/icons">
    Options -Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
ServerSignature Off
ServerTokens Prod

I scanned it with X-SCAN; the results are as follows:

Notice | www (80/tcp) | Open service
# Many sources I checked say this can be avoided by setting ServerSignature Off and ServerTokens Prod, but it had no effect.

A "WEB" service is running on this port
BANNER info :

HTTP/1.1 200 OK
Date: Thu, 17 May 2007 01:26:58 GMT
Server: Apache
X-Powered-By: PHP/5.2.1
Content-Length: 54
Connection: close
Content-Type: text/html

<meta http-equiv='refresh' content='0
url=index.html'>
NESSUS_ID : 10330 (http://www.nessus.org/plugins/index.php?view=single&id=10330)

Notice | www (80/tcp) | Directory scanner

This plugin tries to identify common directories present on the remote host
___________________________________________________________________

The following directories were discovered:
/code

While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards

The following directories require authentication:
/phpMyAdmin
NESSUS_ID : 11032 (http://www.nessus.org/plugins/index.php?view=single&id=11032)
Other references : OWASP:OWASP-CM-006
With my configuration I cannot block these two items.
The part marked in red needs to be done under the root directory.
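As an added example (not part of the original post or of X-SCAN's output), the Python check below parses the banner the scanner captured and reports which header still discloses software and which setting controls it: "Server: Apache" is exactly what ServerTokens Prod produces, so that directive did take effect, while X-Powered-By is emitted by PHP and is controlled by expose_php in php.ini, not by any Apache directive.

```python
import re
# Banner reported by the scanner in the post (copied from the scan output; body omitted).
SCAN_BANNER = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 17 May 2007 01:26:58 GMT\r\n"
    "Server: Apache\r\n"
    "X-Powered-By: PHP/5.2.1\r\n"
    "Content-Length: 54\r\n"
    "Connection: close\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return (status_line, {lower-cased name: value}) from a raw HTTP response."""
    status, *header_lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in header_lines:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers

def server_tokens_level(server_value):
    """Infer the effective ServerTokens level from the Server header text."""
    if server_value is None:
        return "absent"
    if re.fullmatch(r"Apache", server_value):
        return "Prod"   # product name only: what the post's banner shows
    if re.fullmatch(r"Apache/\d+", server_value):
        return "Major"
    if re.fullmatch(r"Apache/\d+\.\d+", server_value):
        return "Minor"
    if re.fullmatch(r"Apache/\d+\.\d+\.\d+", server_value):
        return "Min"
    if re.fullmatch(r"Apache/\d+\.\d+\.\d+ \([^)]+\)", server_value):
        return "OS"
    return "Full"       # OS plus loaded module versions (e.g. PHP)

def audit_banner(raw):
    """Return (header, finding, fix) tuples for each software disclosure found."""
    _, headers = parse_headers(raw)
    findings = []
    level = server_tokens_level(headers.get("server"))
    if level not in ("Prod", "absent"):
        findings.append(("Server", f"reveals version detail (ServerTokens {level})",
                         "set 'ServerTokens Prod' in httpd.conf"))
    if "x-powered-by" in headers:
        # Emitted by PHP itself; ServerTokens/ServerSignature do not touch it.
        findings.append(("X-Powered-By", headers["x-powered-by"],
                         "set 'expose_php = Off' in php.ini"))
    return findings
```

Run audit_banner on a banner captured from your own server after each change to confirm the header actually disappeared.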

That big pile of LoadModule lines: if they are not required, I suggest commenting out the ones you don't use; these settings affect both Apache's performance and its security.