1. Extract domain from request target URL
2. If domains_blocked is present and domain
   matches any blocked entry: DENY
3. If domains_allowed is present:
   a. Check if domain is exact match or has allowed domain as suffix
   b. If match found: ALLOW (proceed to other constraints)
   c. If no match: DENY
4. If neither constraint present: proceed to other constraints