Here's roughly how we would do it at my work (assumes that this is under some site-specific directory):
The main consideration is to ensure that nothing goes under the www/ folder unless you really need direct Web access to it. Otherwise, one slip in your configuration could give away information that you may not want others to see.