Comment 1 for bug 386608

Rolf Leggewie (r0lf) wrote :

The examples should also do a better job of protecting sensitive directories. Here are my suggestions:

    DocumentRoot /usr/share/bugzilla3/web
    Alias /cgi-bin /usr/lib/cgi-bin/bugzilla3
    Alias /data /var/lib/bugzilla3/data

    RewriteEngine On
    RewriteRule ^/(.*\.cgi.*) /cgi-bin/$1 [PT]
    RewriteRule ^/index.html$ /cgi-bin/index.cgi [PT]
    RewriteLog "/var/log/apache2/rewrite.log"
    RewriteLogLevel 2

    <Directory "/usr/lib/cgi-bin/bugzilla3">
           AllowOverride None
           Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
           Order allow,deny
           Allow from all
           AddHandler cgi-script .cgi
    </Directory>

    <Directory "/var/lib/bugzilla3/data">
           deny from all
    </Directory>

    <Directory "/usr/share/bugzilla3/web/shadow">
           deny from all
    </Directory>

    <FilesMatch ^(.*\.pm|.*\.pl|.*localconfig.*)$>
        deny from all
    </FilesMatch>
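A smoke test for the deny rules suggested above, as an added example that is not part of the original comment or of the Bugzilla packaging. The base URL, the probe paths (`data/params`, `Bugzilla.pm`, `checksetup.pl`, `localconfig.old`) and the function names are assumptions chosen to exercise each `<Directory>` and `<FilesMatch>` block.

```python
import urllib.error
import urllib.request

# Constructed probe list: (path, must_be_denied). The paths are assumptions
# derived from the Alias, Directory and FilesMatch blocks in the comment.
PROBES = [
    ("/data/params", True),      # Alias /data -> <Directory .../data>
    ("/shadow/", True),          # <Directory .../web/shadow>
    ("/localconfig", True),      # FilesMatch .*localconfig.*
    ("/localconfig.old", True),  # same pattern, renamed copy
    ("/Bugzilla.pm", True),      # FilesMatch .*\.pm
    ("/checksetup.pl", True),    # FilesMatch .*\.pl
    ("/index.cgi", False),       # must stay reachable through the rewrite
]


def http_status(url, timeout=5):
    """Return the status code of a GET without raising on 4xx/5xx."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def audit(base_url, fetch=http_status, probes=PROBES):
    """Return (path, status, problem) for every probe that fails."""
    failures = []
    for path, must_deny in probes:
        status = fetch(base_url.rstrip("/") + path)
        # "deny from all" answers 403; anything below 400 means the
        # server handed out content for a path that should be closed.
        if must_deny and status < 400:
            failures.append((path, status, "sensitive path was served"))
        elif not must_deny and status >= 400:
            failures.append((path, status, "public page is blocked"))
    return failures


if __name__ == "__main__":
    import sys
    base = sys.argv[1] if len(sys.argv) > 1 else "http://localhost"
    problems = audit(base)
    for path, status, problem in problems:
        print(f"FAIL {path}: HTTP {status} ({problem})")
    sys.exit(1 if problems else 0)
```

Run it against your own virtual host after reloading Apache; a non-zero exit status means at least one rule is not taking effect or the rewrite to `/cgi-bin` is broken.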