HostNameLookups and Apache Optimization

Apache's HostNameLookups directive makes Apache do a reverse DNS lookup for every connecting client's IP address. In addition to On and Off there is also a Double option that does a reverse lookup followed by a forward one to check that the host name matches the IP address.

One of the most common pieces of advice when it comes to Apache optimization is to turn HostNameLookups off because having it on increases latency and slows down sites. Turning it off is a good idea but the devil is in the details as you can see from this paragraph of the Apache docs:

Regardless of the setting, when mod_authz_host is used for controlling access by hostname, a double reverse lookup will be performed.
Source

mod_authz_host is an Apache module that is used to allow and deny access based on IP addresses or hostnames. The problem comes when you use the latter. For example:

Order Deny,Allow
Deny from user.isp.com

If you are using the above in a .htaccess file or a virtual host config then Apache will do a reverse DNS lookup even if you have specified HostNameLookups Off. This might not sound like a big problem but it is. Some IP addresses don’t have PTR records at all (as in SERVFAIL). If a user is assigned such an IP address by his ISP he will find that your site loads very slowly.

The solution is to use the IP address alone to deny access:

Order Deny,Allow
Deny from 192.168.0.1

If you can’t avoid using host names you should use allow/deny rules for specific directories or files instead of the whole virtual host. Remember, the rDNS lookups only take place when and where Apache encounters these directives. To that end the FilesMatch and DirectoryMatch blocks are worth looking into.
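
To find where such rules already exist, the following added example (not part of the original post) scans configuration text for Allow/Deny arguments that are hostnames rather than addresses. The sample config, function names and regular expressions are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config (not from the original post).
SAMPLE_CONF = """\
HostNameLookups Off
<Directory "/var/www/html">
    Order Deny,Allow
    Deny from user.isp.com
    Deny from 192.168.0.1 10.1
    Allow from env=trusted
    deny from 2001:db8::/32 .example.net
</Directory>
"""

DIRECTIVE = re.compile(r"^\s*(allow|deny)\s+from\s+(.+)$", re.IGNORECASE)
PARTIAL_IP = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}\.?$")


def is_address_spec(token):
    """True if an Allow/Deny argument can be matched without a DNS lookup."""
    if token.lower() == "all" or token.lower().startswith("env="):
        return True
    if PARTIAL_IP.match(token):          # full or partial IPv4, e.g. 10.1
        return True
    try:                                 # CIDR, network/netmask, IPv6
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False                     # anything else is a (partial) hostname


def find_hostname_rules(conf_text):
    """Return (line_number, directive, hostname) for each host-based rule."""
    hits = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        for token in m.group(2).split():
            if not is_address_spec(token):
                hits.append((lineno, m.group(1).capitalize(), token))
    return hits


if __name__ == "__main__":
    for lineno, directive, host in find_hostname_rules(SAMPLE_CONF):
        print(f"line {lineno}: {directive} from {host} -> triggers reverse DNS lookup")
```

Run it over each virtual host config and .htaccess file; every hit is a rule to replace with an IP address or to move into a narrower FilesMatch or DirectoryMatch block.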
