From http://drupal.org/node/974350#comment-5305368
These rules are for 480 weeks but you can adjust the time accordingly.
<IfModule mod_rewrite.c>
RewriteEngine on
<IfModule mod_headers.c>
# Transform /cdn/***/ to /
RewriteCond %{REQUEST_URI} ^/cdn/([0-9a-zA-Z])*/(.+)$
RewriteRule .* /%2 [L,E=CDN:1]
# Apache will change CDN to REDIRECT_CDN.
# Set a far future Cache-Control header (480 weeks), which prevents
# intermediate caches from transforming the data and allows any
# intermediate cache to cache it, since it's marked as a public resource.
Header set Cache-Control "max-age=290304000, no-transform, public" env=REDIRECT_CDN
# Set a far future Expires header. The maximum UNIX timestamp is somewhere
# in 2038. Set it to a date in 2037, just to be safe.
Header set Expires "Tue, 20 Jan 2037 04:20:42 GMT" env=REDIRECT_CDN
# Pretend the file was last modified a long time ago in the past, this will
# prevent browsers that don't support Cache-Control nor Expires headers to
# still request a new version too soon (these browsers calculate a
# heuristic to determine when to request a new version, based on the last
# time the resource has been modified).
# Also see http://code.google.com/speed/page-speed/docs/caching.html.
Header set Last-Modified "Wed, 20 Jan 1988 04:20:42 GMT" env=REDIRECT_CDN
# Do not use etags for cache validation.
Header unset ETag env=REDIRECT_CDN
</IfModule>
</IfModule>
Also see the AdvAgg rules as these handle servers that do not have mod_headers or mod_expires installed. It uses a FilesMatch directive; advagg files have a fairly unique filename, thus I can do this. The AdvAgg fallbacks wont work in this case because mod_expires can't use environmental variables; neither can FileETag. From what I can see, mod_headers is the desired way to set far future times in apache.