// Disallow: / but Allow: /$ (only root), Allow: /index.html$, Allow: /public/
        assertFalse(robotsTxt.allows("/about", "ComplexBot"));
        assertTrue(robotsTxt.allows("/", "ComplexBot")); // Allow: /$
        assertTrue(robotsTxt.allows("/index.html", "ComplexBot")); // Allow: /index.html$
        assertFalse(robotsTxt.allows("/index.html?page=1", "ComplexBot")); // $ means exact end

Disallow: /admin/*.php
Disallow: /*/private/
Allow: /public/*.html

# Test end-of-path ($) patterns
User-agent: EndPathBot
Disallow: /fish$
Disallow: /temp$
Allow: /fishing

# Test complex patterns
User-agent: ComplexBot
Disallow: /
Allow: /$
Allow: /index.html$
Allow: /public/

# Test priority rules (longer match wins)
User-agent: PriorityBot
Disallow: /store
Allow: /store/public
Disallow: /store/public/sale

User-agent: FessCrawler
Disallow:           # allows all 

User-agent: BruteBot
Disallow: /
Allow: /foo/bar/
Crawl-delay: 1314000

# welcome!
User-agent: Googlebot
Crawl-delay: 1

User-agent: *
Disallow: /private/
Disallow: /help        # disallows /help.html, /help/index.html, etc.
Allow: /help/faq.html
Crawl-delay: 3

User-agent: Crawler
Disallow: /aaa

User-agent: Crawler/1.0
Disallow: /bbb

In another terminal, create a policy that allows root user all access and for all other users denies `PutObject`:

```sh
cat > example.rego <<EOF
package httpapi.authz

import input

default allow = false

# Allow the root user to perform any action.
allow {
 input.owner == true
}

# All other users may do anything other than call PutObject
allow {
 input.action != "s3:PutObject"
 input.owner == false

 * FILE_WRITE_DATA</code>) and the target file has the following security
 * descriptor ACEs:
 *
 * <pre>
 * Allow WNET\alice     0x001200A9  Direct
 * Allow Administrators 0x001F01FF  Inherited
 * Allow SYSTEM         0x001F01FF  Inherited
 * </pre>
 *
 * the access check would fail because the direct ACE has an access mask
 * of <code>0x001200A9</code> which doesn't have the

Allow:    # empty value

# Case 3: Multiple colons in directive
User-agent: MultiColonBot
Disallow: http://example.com:8080/path
Allow: /path:with:colons

# Case 4: Extra whitespace
User-agent:    ExtraSpaceBot
Disallow:     /spaced/
   Allow:   /also-spaced/

# Case 5: Mixed case directives (should still work)
UsEr-AgEnT: MixedCaseBot
DiSaLlOw: /test1/
AlLoW: /test2/
CrAwL-dElAy: 2
SiTeMaP: http://example.com/sitemap.xml

iam-assets/policies.json {"consoleAdmin":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["admin:*"]},{"Effect":"Allow","Action":["kms:*"]},{"Effect":"Allow","Action":["s3:*"],"Resource":["arn:aws:s3:::*"]}]},diagnostics":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["admin:TopLocksInfo","admin:BandwidthMonitor","admin:ConsoleLog","admin:OBDInfo","admin:Profiling","admin:Prometheus","admin:ServerInfo","admin:ServerTrace"],"Resource":["arn:aws:s3:::*"]}]},rea...

         * 2. If both Allow and Disallow patterns match with the same length, Allow takes precedence
         * 3. If no pattern matches, the path is allowed by default
         *
         * @param path the path to check
         * @return true if the path is allowed, false otherwise
         */
        public boolean allows(final String path) {
            PathPattern longestAllowMatch = null;

* `allow_origin_regex` - A regex string to match against origins that should be permitted to make cross-origin requests. e.g. `'https://.*\.example\.org'`.
* `allow_methods` - A list of HTTP methods that should be allowed for cross-origin requests. Defaults to `['GET']`. You can use `['*']` to allow all standard methods.

{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["admin:*"]},{"Effect":"Allow","Action":["s3:*"],"Resource":["arn:aws:s3:::*"]}]}...