diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/InetAccessHandler.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/InetAccessHandler.java
index d642ef0206a..0d3e4188ea0 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/InetAccessHandler.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/InetAccessHandler.java
@@ -35,94 +35,79 @@ import org.eclipse.jetty.util.InetAddressSet;
 import org.eclipse.jetty.util.log.Log;
 import org.eclipse.jetty.util.log.Logger;
 
-
 /**
- * Inet Address Access Handler
+ * InetAddress Access Handler
  * <p>
- * Controls access to the wrapped handler by the real remote IP. Control is provided
+ * Controls access to the wrapped handler using the real remote IP. Control is provided
  * by and {@link IncludeExcludeSet} over a {@link InetAddressSet}. This handler
  * uses the real internet address of the connection, not one reported in the forwarded
  * for headers, as this cannot be as easily forged.
- * <p>
-
  */
 public class InetAccessHandler extends HandlerWrapper
 {
     private static final Logger LOG = Log.getLogger(InetAccessHandler.class);
-    IncludeExcludeSet<String, InetAddress> _set = new IncludeExcludeSet<>(InetAddressSet.class);
 
-    /* ------------------------------------------------------------ */
-    /**
-     * Creates new handler object
-     */
-    public InetAccessHandler()
-    {
-        super();
-    }
+    private final IncludeExcludeSet<String, InetAddress> _set = new IncludeExcludeSet<>(InetAddressSet.class);
 
-    /* ------------------------------------------------------------ */
     /**
-     * Include a InetAddress pattern
+     * Includes an InetAddress pattern
+     *
+     * @param pattern InetAddress pattern to include
      * @see InetAddressSet
-     * @param pattern InetAddress pattern to exclude
      */
     public void include(String pattern)
     {
         _set.include(pattern);
     }
-    
-    /* ------------------------------------------------------------ */
+
     /**
-     * Include a InetAddress pattern
+     * Includes InetAddress patterns
+     *
+     * @param patterns InetAddress patterns to include
      * @see InetAddressSet
-     * @param patterns InetAddress patterns to exclude
      */
     public void include(String... patterns)
     {
         _set.include(patterns);
     }
-    
-    /* ------------------------------------------------------------ */
+
     /**
-     * Exclude a InetAddress pattern
-     * @see InetAddressSet
+     * Excludes an InetAddress pattern
+     *
      * @param pattern InetAddress pattern to exclude
+     * @see InetAddressSet
      */
     public void exclude(String pattern)
     {
         _set.exclude(pattern);
     }
-    
-    /* ------------------------------------------------------------ */
+
     /**
-     * Include a InetAddress pattern
-     * @see InetAddressSet
+     * Excludes InetAddress patterns
+     *
      * @param patterns InetAddress patterns to exclude
+     * @see InetAddressSet
      */
     public void exclude(String... patterns)
     {
         _set.exclude(patterns);
     }
 
-
-    /* ------------------------------------------------------------ */
     /**
      * Checks the incoming request against the whitelist and blacklist
-     *
-     * @see org.eclipse.jetty.server.handler.HandlerWrapper#handle(java.lang.String, org.eclipse.jetty.server.Request, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
      */
     @Override
     public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
     {
         // Get the real remote IP (not the one set by the forwarded headers (which may be forged))
         HttpChannel channel = baseRequest.getHttpChannel();
-        if (channel!=null)
+        if (channel != null)
         {
-            EndPoint endp=channel.getEndPoint();
-            if (endp!=null)
+            EndPoint endp = channel.getEndPoint();
+            if (endp != null)
             {
                 InetSocketAddress address = endp.getRemoteAddress();
-                if (address!=null && !isAllowed(address.getAddress()))
+                if (address != null && !isAllowed(address.getAddress()))
                 {
                     response.sendError(HttpStatus.FORBIDDEN_403);
                     baseRequest.setHandled(true);
@@ -131,26 +116,26 @@ public class InetAccessHandler extends HandlerWrapper
             }
         }
 
-        getHandler().handle(target,baseRequest, request, response);
+        getHandler().handle(target, baseRequest, request, response);
     }
 
-    /* ------------------------------------------------------------ */
     /**
-     * Check if specified request is allowed by current IPAccess rules.
-     *
-     * @param address internet address
-     * @return true if address is allowed
+     * Check sif specified address is allowed by current IPAccess rules.
      *
+     * @param address the inetAddress to check
+     * @return true if inetAddress is allowed
      */
     protected boolean isAllowed(InetAddress address)
     {
-        return _set.test(address);
+        boolean allowed = _set.test(address);
+        if (LOG.isDebugEnabled())
+            LOG.debug("{} {} {}", this, allowed ? "allowed" : "denied", address);
+        return allowed;
     }
 
-    /* ------------------------------------------------------------ */
     @Override
     public void dump(Appendable out, String indent) throws IOException
     {
-        dumpBeans(out,indent,_set.getIncluded(),_set.getExcluded());
+        dumpBeans(out, indent, _set.getIncluded(), _set.getExcluded());
     }
- }
+}