<VirtualHost *:80>
## Note this is heavily reduced just to show the relevant lines
## Expires and security options have been removed
## Don't just paste this - but refer to it along with your customisations

 ServerName www.example.com
 
 DocumentRoot /var/www/example.com/live/htdocs

  <Directory /var/www/example.com/live/htdocs>
    Options +FollowSymLinks
    
    # Disable .htaccess files (remember to account for any rules they implement)
    AllowOverride None
    
    # Include our blocked lists
    Include /etc/apache2/blocked-addresses.conf
    Include /etc/apache2/blocked-agents.conf
    
    Order allow,deny
    Allow from all
    # Deny from our blocked lists
    deny from env=BlockedAddress
    deny from env=BlockedAgent

<IfModule mod_rewrite.c> 
  RewriteEngine on


   # Intercept Microsoft Office Protocol Discovery
   # OPTION requests for this were hitting site regularly
   RewriteCond %{REQUEST_METHOD} ^OPTIONS
   RewriteCond %{HTTP_USER_AGENT} ^Microsoft\ Office\ Protocol\ Discovery [OR]
   RewriteCond %{HTTP_USER_AGENT} ^Microsoft\ Office\ Existence\ Discovery [OR]
   RewriteCond %{HTTP_USER_AGENT} ^Microsoft\-WebDAV\-MiniRedir.*$
   RewriteRule .* - [R=405,L]
   
    ##### Security hardening ####
    ## DENY REQUEST BASED ON REQUEST METHOD ###
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|HEAD)$ [NC]
    RewriteRule ^.*$ - [F]  
   
 
  </IfModule>    
  </Directory>

 ## the following log details are included to show
 ## how to use SetEnvIf to include/exclude certain requests for images etc
 ## Also turn on robots.txt logging to check robots behaviour

 ## Custom Logging for combined logs - note they are filtered to not log images, robots.txt, cs, js etc
  UseCanonicalName On
  LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vcommon

  ErrorLog /var/www/log/customer-error.log

  # Possible values include: debug, info, notice, warn, error, crit,
  # alert, emerg.
  LogLevel warn
       
  ## we aren't logging images, css, js etc

  ## flag robots.txt requests - allow these to test robot behaviour
  SetEnvIf Request_URI "^/robots\.txt$" robots-request=0
  ## flag favicon requests
  SetEnvIf Request_URI "^/favicon\.ico$" favicon-request=1

  ## flag image requests
  SetEnvIf Request_URI "(\.gif|\.png|\.jpg)$" image-request=1

  ## flag Css and JS requests
  SetEnvIf Request_URI \.css css-request=1
  SetEnvIf Request_URI \.js js-request=1

  ## set do_not_log if any of the above flags are set
  SetEnvIf robots-request 1 do_not_log=1
  SetEnvIf favicon-request 1 do_not_log=1
  SetEnvIf image-request 1 do_not_log=1
  SetEnvIf css-request 1 do_not_log=1
  SetEnvIf js-request 1 do_not_log=1

  ## only log if do_not_log is not set
  CustomLog /var/www/log/customer-access.log vcommon env=!do_not_log
</VirtualHost>