*/
        public String[] getAllows() {
            return allowedPaths.toArray(new String[allowedPaths.size()]);
        }

        /**
         * Gets all disallowed paths for this directive.
         * @return an array of disallowed paths
         */
        public String[] getDisallows() {
            return disallowedPaths.toArray(new String[disallowedPaths.size()]);
        }
    }

    /**

	sseS3 := crypto.S3.IsEncrypted(objInfo.UserDefined)
	if !sseKMS && !sseS3 { // neither sse-s3 nor sse-kms disallowed
		return errInvalidEncryptionParameters
	}
	if sseKMS && r.Encryption.Type == sses3 { // previously encrypted with sse-kms, now sse-s3 disallowed
		return errInvalidEncryptionParameters
	}
	versioned := globalBucketVersioningSys.PrefixEnabled(srcBucket, srcObject)

http://ExAmPlE.CoM http://other.com/ s:http p:/ h:example.com

# Spaces should fail
http://example\sexample.com

# This should fail
http://Goo%20\sgoo%7C|.com

# U+3000 is mapped to U+0020 (space) which is disallowed
http://GOO\u00a0\u3000goo.com

# Other types of space (no-break, zero-width, zero-width-no-break) are
# name-prepped away to nothing.
# U+200B, U+2060, and U+FEFF, are ignored

            return false;
        }

        if (!selected.atLeast(getConfig().getMinimumVersion()) || !selected.atMost(getConfig().getMaximumVersion())) {
            log.debug("Server selected an disallowed dialect version {} (min: {} max: {})", selected, getConfig().getMinimumVersion(),
                    getConfig().getMaximumVersion());
            return false;
        }
        this.selectedDialect = selected;

Note that just like with [AWS](https://docs.aws.amazon.com/AmazonS3/latest/userguide/delete-marker-replication.html), Delete marker replication is disallowed in MinIO when the replication rule has tags.

To add a replication rule allowing both delete marker replication, versioned delete replication or both specify the --replicate flag with comma separated values as in the example below.

        // When
        boolean valid = response.isValid(mockContext, mockRequest);

        // Then
        assertFalse(valid);
    }

    @Test
    @DisplayName("Should fail validation with disallowed dialect")
    void testIsValidDisallowedDialect() throws Exception {
        // Given
        setResponseAsReceived(response);
        setPrivateField(response, "dialectRevision", 0x0202); // SMB 2.0.2

    }

    /**
     * Initializes the disallowed compound operations based on the provided property string.
     *
     * @param prop comma-separated list of operations to disallow in compound requests
     */
    protected void initDisallowCompound(final String prop) {
        if (prop == null) {
            return;
        }
        final Set<String> disallow = new HashSet<>();

and <i>w'</i> happens before <i>r</i>.
That is, each read must observe a value written by a preceding or concurrent write.
</p>

<p>
Additionally, observation of acausal and “out of thin air” writes is disallowed.
</p>

<p>
Reads of memory locations larger than a single machine word
are encouraged but not required to meet the same semantics
as word-sized memory locations,
observing a single allowed write <i>w</i>.

	if HasPrefix(object, SlashSeparator) {
		return ObjectNamePrefixAsSlash{
			Bucket: bucket,
			Object: object,
		}
	}
	if runtime.GOOS == globalWindowsOSName {
		// Explicitly disallowed characters on windows.
		// Avoids most problematic names.
		if strings.ContainsAny(object, `\:*?"|<>`) {
			return ObjectNameInvalid{
				Bucket: bucket,
				Object: object,
			}
		}
	}
	return nil

To allow additional flags, set CGO_CFLAGS_ALLOW to a regular expression
matching the new flags. To disallow flags that would otherwise be allowed,
set CGO_CFLAGS_DISALLOW to a regular expression matching arguments
that must be disallowed. In both cases the regular expression must match
a full argument: to allow -mfoo=bar, use CGO_CFLAGS_ALLOW='-mfoo.*',