diff --git a/apache/templates/evolinux-default.conf.j2 b/apache/templates/evolinux-default.conf.j2 index 8a5259f5..2c8f3971 100644 --- a/apache/templates/evolinux-default.conf.j2 +++ b/apache/templates/evolinux-default.conf.j2 @@ -2,10 +2,19 @@ ServerName {{ ansible_fqdn }} ServerAdmin webmaster@localhost + DocumentRoot /var/www/ + RewriteEngine on - RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC] - # RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC] + # Redirect to HTTPS, execpt for munin, because some plugins + # can't handle HTTPS! :( + RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC] [OR] + RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC] RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent] + + + Require ip 127.0.0.1 + + 
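Review bot: The two RewriteCond lines added ahead of the HTTPS redirect are joined with OR, but both patterns are negated, so if the OR is applied the combined condition holds for every URI (no request matches both `/server-status` and `/munin_opcache.php`) and the munin exemption described in the new comment never takes effect. The flags are also written as two bracket groups, `[NC] [OR]`, while mod_rewrite documents a single comma-separated list such as `[NC,OR]`, so it should be tested whether the second group is honoured or dropped rather than assumed. RewriteCond lines are ANDed by default, so `RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC]` followed by `RewriteCond %{REQUEST_URI} !^/munin_opcache\.php$ [NC]` (dot escaped, no OR) expresses the stated intent. The new comment also has a typo, "execpt".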
@@ -17,31 +26,39 @@ SSLEngine on SSLCertificateFile {{ apache_evolinux_default_ssl_cert }} SSLCertificateKeyFile {{ apache_evolinux_default_ssl_key }} - # SSLProtocol all -SSLv2 -SSLv3 + # We override these 2 Directory directives setted in apache2.conf. + # We want no access except from allowed IP address. + + Options -Indexes + Require all denied + Include /etc/apache2/private_ipaddr_whitelist.conf + - Options +Indexes +FollowSymLinks +MultiViews - AllowOverride None - + Options -Indexes + Require all denied Include /etc/apache2/private_ipaddr_whitelist.conf + # Munin. We need to set Directory directive as Alias take precedence. Alias /munin /var/cache/munin/www - - Options +Indexes +FollowSymLinks +MultiViews - AllowOverride None - + + Options -Indexes + Require all denied + Include /etc/apache2/private_ipaddr_whitelist.conf + + + Options -Indexes + Require all denied Include /etc/apache2/private_ipaddr_whitelist.conf - - Include /etc/apache2/private_ipaddr_whitelist.conf - - + # For CGI Scripts. We need to set Directory directive as ScriptAlias take precedence. ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ - - AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + Require all denied + Include /etc/apache2/private_ipaddr_whitelist.conf ErrorDocument 403 {{ apache_default_redirect_url }} @@ -54,7 +71,7 @@ IncludeOptional /etc/apache2/conf-available/phpmyadmin* - deny from all + Require all denied
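Review bot: The rewritten access-control blocks no longer carry the `AllowOverride None` that the removed blocks had, so whether a `.htaccess` file can act in these directories now depends on what is inherited from apache2.conf. These blocks are what restricts the default vhost, the munin alias and `/usr/lib/cgi-bin/` (now with `+ExecCGI`) to allowed addresses, so I would keep `AllowOverride None` explicit in each of them. The `Require all denied` plus `Include /etc/apache2/private_ipaddr_whitelist.conf` pattern also relies on the included file holding only `Require` lines, since any one match grants access; a comment such as `# whitelist file must contain only "Require ip ..." lines; any match grants access` next to the first Include would make that dependency visible. The container tags are not visible in this view of the hunk, so the exact path each block applies to could not be checked.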