<VirtualHost YOUR.IP.ADDRESS:80>
ServerName YOURDOMAIN.COM
ServerAlias www.YOURDOMAIN.COM
Redirect permanent / https://YOURDOMAIN.COM/
</VirtualHost>
<VirtualHost YOUR.IP.ADDRESS:443>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/YOURDOMAIN.COM.crt
SSLCertificateKeyFile /etc/ssl/private/YOURDOMAIN.COM.key
SSLCertificateChainFile /etc/ssl/certs/Comodo_PositiveSSL_CA_bundle_SHA256.crt
SSLProtocol All -SSLv2 -SSLv3
SSLCompression off
SSLHonorCipherOrder On
SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
Header add Strict-Transport-Security "max-age=15768000"
ServerSignature On
DocumentRoot "/YOUR/ROOT/PATH/YOURDOMAIN.COM"
ServerName YOURDOMAIN.COM
ServerAlias www.YOURDOMAIN.COM
ErrorLog /YOUR/ROOT/PATH/YOURDOMAIN.COM/log_error.log
CustomLog /YOUR/ROOT/PATH/YOURDOMAIN.COM/log_access.log common
<Directory "/YOUR/ROOT/PATH/YOURDOMAIN.COM">
FileETag None
Header unset ETag
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 month 1 days"
ExpiresByType text/html "access plus 1 month 1 days"
ExpiresByType image/gif "access plus 1 month 1 days"
ExpiresByType image/jpeg "access plus 1 month 1 days"
ExpiresByType image/png "access plus 1 month 1 days"
ExpiresByType text/css "access plus 1 month 1 days"
ExpiresByType text/javascript "access plus 1 month 1 week"
ExpiresByType application/x-javascript "access plus 1 month 1 days"
ExpiresByType text/xml "access plus 1 seconds"
</IfModule>
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
</FilesMatch>
ServerSignature Off
Options -Indexes
Options -MultiViews
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule images/.+\.(gif|jpe?g|png|bmp) - [NC,L,R=404]
#RewriteRule images/.+\.(gif|jpe?g|png|bmp) content/images/system/404.gif [NC,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !\.(css|js|html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|exe|gif|gz|gzip|ico|jpe?g|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|swf|tar|tif|tiff|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$ [NC]
RewriteRule . index.php [L]
RewriteCond %{HTTP_HOST} !=YOURDOMAIN.COM
RewriteRule (.*) https://YOURDOMAIN.COM/$1 [R=301,L]
Order allow,deny
Allow from all
Deny from env=spammer
Deny from env=BlockCountrySocial
RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule ^ - [F]
</Directory>
</VirtualHost>