Forget apache, you don't want the connection to get tor your application layer if it's a security issue. You would want to block this on the OS or network layer.
For iptables, here ya go:
iptables -A INPUT -s 184.108.40.206 -j DROP
iptables -A OUTPUT -d 220.127.116.11 -j DROP
Just run those commands as root, replace the 18.104.22.168 with the IP and BAM!
The good thing about this is it's a drop rule, different from a reject rule in the fact that your server sends no response at all to the originating connection, a reject will send a response back telling them its rejected. This indicates the server is still up to the remote attacker and they keep trying to get in. If it's a drop, they get no responses, connection just times out as if the IP of your server had changed or the server itself is down.