How secure is Apache

I currently run Apache and keep a certain amount of files in my htdocs folder so I can access them from anywhere just by typing in my ip in any browser.  I have a c: that houses my OS and my d: is where loaded apache server.  Is this safe.  As I look through the logs, sometimes I see the following: - - [19/Apr/2006:01:50:28 -0400] "SEARCH /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9

I just figure it's some automatic program coming in looking for holes?  Should I worry. Is there anything I can do to improve the security.  I heard since it was on my non OS drive I should be ok.  I run sygate personal firewall and keep most everything automatically updated.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Apache CAN be very secure.  It can also be very insecure.  It depends on whether or not it is properly installed and configured on a properly configured and secured host system.

The above is almost certainly an automated script looking for vulnerable servers.  This particular attack is not even Apache related.  It's the Microsoft IIS "WebDAV" (or a variant of it) attack which today SHOULD NOT even be effective on a Windows server.  The key item to identify this is the "SEARCH" command which is a part of IIS/WebDAV and is not standard HTTP.

Details here:

The exploits you need to worry about are the ones that DO NOT return a 4XX error code to the remote.  Those are the ones that succeed.  Yes, there are vulnerabilities in Apache so be sure you have Apache and your host OS (Linux of some flavor I presume) up-to-date with patches.
BTW, another useful technoque that I use is to add the IP of such hosts (which are likely compromised desktop PCs) to an IP filter to block them rom your network or server entirely.

In this case the ( is a Road Runner residential cable connection.  You can complain to but usually such complaints go unheeded.  I'd say just block that IP and any others you find probing your web server.
Surprising to know that this ancient dinosaur, Code Red, is still
residing on some machines scanning for IIS vulnerabilities.

Not much to add to what jhance has said, if it bothers you here's
'solution' from LinuxQuestions -to  just prevent this scan from being logged (well, not the brightest idea because it'd disable logging all 414 errors, but..)
most likely the applications hosted by the web server are much more vulnerable than the server itself
If you have any applications (CGI scripts or whatever) you first have to make these ones secure. Apache itself is just the second line of defence.
Rich RumbleSecurity SamuraiCommented:
Agreed with the above. Apache by default is more secure out of the box than IIS to be certain, but since Apache is also the most used webserver it is targeted just as much as IIS is. Keeping up2date with Apache patches and updates is a start, there are also best practices that can help mitigate further threats.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.