hostmatcher: split the hostname from the `hostname:port` string, use the correct hostname to do the match.
Use hostmacher to replace matchlist. And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.