With Apache2, or iptables, is there a way to refuse visitors if their IP has no reverse DNS, or does not resolve at all?
I have a website targeted to a specific population who has valid reverse DNS. Some spammers and hackers who do not have a reverse DNS come and try to spam/hack my site.
They get refused/denied by my spam blocker but I still want to prevent them from accessing my website.
I wouldn't do this at the Apache level due to the slowness of the DNS queries.
Instead I would do this behind the curtains. For example, put some self-written shell/Perl script to tail the Apache access log, do the DNS queries and if they fail, then just add the IP address to a (temporary) ban list. You could probably do this with fail2ban if you're not willing to write some Perl yourself.
Anyway, be careful! Even some legit visitors might not have a resolvable DNS name.
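The log-processing approach described in the answer above, sketched in Python as an added example (not code from any of the posters): it takes client addresses from access-log lines, resolves each distinct address once, and returns those with no reverse DNS, skipping loopback and private ranges. The function names, the exempt list and the sample log lines are assumptions made for illustration; applying the result to a ban list is left to fail2ban or iptables.

```python
import ipaddress
import re
import socket

# The first field of an Apache common/combined log line is the client address.
CLIENT_RE = re.compile(r"^(\S+) ")

# Assumed exempt list: loopback and RFC 1918 ranges are never ban candidates.
EXEMPT_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]

def system_ptr_lookup(ip):
    """Return the PTR name for ip, or None if the reverse lookup fails."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def is_exempt(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError if not an address
    return any(addr in net for net in EXEMPT_NETS)

def ban_candidates(log_lines, ptr_lookup=system_ptr_lookup):
    """Return the sorted client IPs in log_lines that have no reverse DNS.

    Each distinct address is resolved once, so the slow DNS query is paid
    per client and outside the request path, not per request.
    """
    verdicts = {}  # ip -> True when the address should be banned
    for line in log_lines:
        match = CLIENT_RE.match(line)
        if not match or match.group(1) in verdicts:
            continue
        ip = match.group(1)
        try:
            exempt = is_exempt(ip)
        except ValueError:  # HostnameLookups On logs names, not addresses
            continue
        verdicts[ip] = (not exempt) and ptr_lookup(ip) is None
    return sorted(ip for ip, banned in verdicts.items() if banned)

# Constructed sample log lines using documentation address ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 2326',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "POST /comment HTTP/1.1" 403 199',
    '203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "POST /comment HTTP/1.1" 403 199',
    '127.0.0.1 - - [10/Oct/2023:13:56:00 +0000] "GET /server-status HTTP/1.1" 200 512',
    '192.168.1.5 - - [10/Oct/2023:13:56:02 +0000] "GET / HTTP/1.1" 200 2326',
    '198.51.100.23 - - [10/Oct/2023:13:56:09 +0000] "GET /login HTTP/1.1" 200 870',
]
```

Because legitimate visitors can also lack a PTR record, treat the returned addresses as candidates for a temporary ban rather than a permanent one.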
You could easily do it in PHP or your favorite language (for PHP, http://php.net/manual/en/function.gethostbyaddr.php). Perhaps if you approve of the visiting client by checking their reverse DNS status you then "log them in" in a similar fashion to a normal username/password login.
Normally .htaccess files or iptables may be a better solution, but since you have a very peculiar request, you may need the flexibility of a scripting language.
Several people have pointed out that this is typically a bad idea due to slow DNS resolution. But if you want to do it you can do it with mod_access:
http://httpd.apache.org/docs/2.0/mod/mod_access.html
In your statement(s) just add something like:
You'll want to add your local private LAN, 127.0.0.1, etc...