Also, if you want to keep this secure, make sure you remove all non-used mime.types, all mappings inside of the webserver that are not being used, any remote admin tools, of if you use a remote admin tool, only allow it to connect from a certain IP, or IP's, not a entire subnet, etc...
Make...