This avoids getting into an inconsistent state of the request (assert),
and it also allows some real-life cases to succeed without using
a forbidden address in any way (even though they *are* weird).
I can still imagine weird setups where a request gets failed even
though it would be resolvable without *using* a forbidden address,
but none of these seem reasonable anyway (or common in practice).