You should configure your apache httpd.conf file, please see Security Tips
<Directory />
Require all denied
</Directory>
This will forbid default access to filesystem locations. Add appropriate Directory blocks to allow access only in those areas you wish. For example,
<Directory /usr/users/*/public_html>
Require all granted
</Directory>
<Directory /usr/local/httpd>
Require all granted
</Directory>