I worked on this while trying to satisfy CS ST#41651.

First, one needs to disable the vendor apache server. You can do it like this:

/etc/init.d/sgi_apache stop
chkconfig sgi_apache off

By default, vendor's httpd.conf goes to /var/sgi_apache/httpd-outbox/etc.

Some directives from here:

ServerRoot "/var/sgi_apache/httpd-outbox"

    Alias /icons/ "/var/sgi_apache/server/share/icons/"

    <Directory "/var/sgi_apache/server/share/icons">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
    <Directory "/var/www/cgi-bin">
        AllowOverride None
        Options FollowSymLinks
        Order allow,deny
        Allow from all
    </Directory>

    Alias /ebt-icons/ "/usr/lib/Insight/dweb/icons/"

    <Directory "/usr/lib/Insight/dweb/icons">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    ScriptAlias /ebt-bin/ "/usr/lib/Insight/dweb/cgi-bin/"

    <Directory "/usr/lib/Insight/dweb/cgi-bin">
        AllowOverride None
        Options FollowSymLinks
        Order allow,deny
        Allow from all
    </Directory>

The easiest thing to do is configure the xhier package to answer requests for "http://hostname" with those (or similar) directives, and "http://www.hostname" with xhier-style directives.

Since the documentation lives in /var/www/htdocs, one can create a .htaccess file there with directives something like

Default deny
Allow from (localhost's ip)