Improve performance for ACL

[Mygod]

1. What does this change do, exactly?

Skip DNS lookup if there are no IP ACL rules. This also in some sense mitigates DoS attacks by flooding servers with a lot of denied hostnames, which could lead to overloading the DNS services.

Requesting an invalid disallowed hostname will also now return 403 correctly instead of 502.

2. Please link to the relevant issues.

N/A

3. Which documentation changes (if any) need to be made because of this PR?

None.

4. Checklist

• [ ] I have written tests and verified that they fail without my change
• [x] I made pull request as minimal and simple as possible. If change is not small or additional dependencies are required, I opened an issue to propose and discuss the design first
• [x] I have squashed any insignificant commits
• [x] This change has comments for package types, values, functions, and non-obvious lines of code

[gaby]

@Mygod Thanks for the PR! Can you add a unit-test for this?

[Mygod]

I'm running it in production and it works fine. :)

[gaby]

I'm running it in production and it works fine. :)

We still need a unit-test for it :-)

[Mygod]

I wonder how to rebase on master...

[gaby]

@Mygod Create a new PR with the new branch