If reverse DNS lookups are shown in your Apache access log, while you were expecting (and needing) IP addresses, this post may help.
Figure 1: Example “.htaccess” file for blocking IP addresses
By default IP addresses are logged in the Apache access log “/var/log/apache2/access.log” unless you specify “HostnameLookups On” in “/etc/apache2/apache2.conf” (it is off by default). But if you are restricting access to specific content using an “.htaccess” file with an “allow from” or “deny from” construction this changes. If you have this in your “.htaccess” file IP addresses are logged:
deny from 184.108.40.206
But if you add a comment to the line like this reverse DNS lookups are logged:
deny from 220.127.116.11 # my home ip address
Cause and work-around
This is caused by “mod_authz_host” (which is enabled by default) that kicks in and converts the IP addresses to hostnames. The work-around is to put the comment on the previous line:
# my home ip address: deny from 18.104.22.168
It also happens when you use a regular expression or a host name (which is more obvious). Plain IP addresses and CIDR notation do not trigger the conversion. Hopefully this post can save you some time.