Is it acceptable (and possible) to automatically block an ip address by modifying .htaccess file dynamically in php when a bruteforce or DoS attack is detected?
Yes, it is possible to block an IP. but it's pointless to try to stop a DDos attack this way since the apache process is already spawned.
Deny from xx.xx.xx.xx
When blocking an IP you would normally enter a rule in the firewall to block that IP out.
I'd suggest you take a look at The apache security module
Also fail2ban is a good way to stop bruteforce attacks.
https://www.linode.com/docs/security/using-fail2ban-for-security