Let block_acl() work as advertised. If the last matching acl directive denies access...

Let block_acl() work as advertised. If the last matching acl directive denies access, the game is over, too.

Otherwise it's impossible to say: grant everyone but those
explicitly-mentioned suckers access (blacklist).

Usually it's done the other way around (whitelist), which worked
as expected, but blacklisting is still useful for a public proxy
where one only needs to deny known abusers access.