Path matching is the core logic of the Robots Exclusion Protocol (RFC 9309). When a compliant crawler like GPTBot or Googlebot prepares to fetch a URL, it isolates the path segment and evaluates it against the active rule group for its user-agent token. The comparison follows a defined precedence: the most specific matching rule, determined by character length, wins. This allows a broad Disallow: /private/ to be overridden by a more granular Allow: /private/public-reports/.
Glossary
Path Matching

What is Path Matching?
Path matching is the algorithmic process by which a web crawler compares a requested URL's path component against the pattern strings defined in the Disallow and Allow directives of a robots.txt file to determine access authorization.
The matching algorithm treats the * character as a wildcard representing any sequence of characters, while $ designates the end of the URL path. A directive lacking $ is treated as a prefix match. For instance, Disallow: /temp blocks both /temp and /temporary, but Disallow: /temp$ blocks only the exact path /temp. This deterministic, non-regex evaluation ensures consistent crawl budget allocation and prevents unintended access to staging environments or proprietary data repositories.
Core Characteristics of Path Matching
Path matching is the deterministic engine of the Robots Exclusion Protocol, where a crawler evaluates its requested URL against defined patterns to enforce access policies.
Longest Match Precedence
When multiple Allow and Disallow directives match a URL, the most specific rule wins. Specificity is determined by character length of the defined path, not the order of declaration. For example, Allow: /blog/public overrides Disallow: /blog for the /blog/public directory because the allow pattern is longer and more precise.
Prefix-Based Evaluation
Robots.txt matching operates on prefix semantics, not regex. A Disallow: /admin rule blocks:
/admin/admin/login/administration
This is because /admin is a prefix of all three paths. To restrict matching to an exact directory, include the trailing slash: Disallow: /admin/.
Wildcard Expansion
The * character acts as a glob wildcard, matching any sequence of zero or more characters. Key applications:
Disallow: /*.pdfblocks all PDF files site-wideDisallow: /private/*/datablocks any path with/private/, then any directory, then/dataDisallow: /*?blocks all URLs containing query parameters
The * is not a true regex quantifier; it cannot specify character classes or repetition counts.
URL Normalization
Before matching, crawlers normalize the requested URL by:
- Decoding percent-encoded characters (
%20→ space) - Removing the fragment identifier (
#section) - Resolving relative path segments (
/../) - Converting to lowercase (scheme and host only, not path)
This ensures consistent comparison against robots.txt patterns, preventing trivial bypasses through encoding tricks.
Escape Character Handling
RFC 9309 reserves $ as a special end-of-match character. A pattern ending in $ matches only that exact path with no additional characters:
Disallow: /temp$blocks/tempbut not/templateor/temp/file
To match a literal $ or * in a URL path, use percent-encoding: %24 for $ and %2A for *. This prevents ambiguity between literal characters and pattern operators.
Case Sensitivity Rules
The path component of a URL is case-sensitive during matching, while the scheme and host are case-insensitive. This means:
Disallow: /Admindoes NOT block/admin- Both
HTTP://example.comandhttp://example.comare treated identically
This distinction matters for sites hosted on case-sensitive file systems (Linux) versus case-insensitive ones (Windows).
Frequently Asked Questions
Clear, technical answers to the most common questions about how crawlers interpret robots.txt directives to determine access to specific URLs.
Path matching is the algorithmic process by which a compliant crawler compares a requested URL's path component against the patterns defined in Disallow and Allow directives within a robots.txt file to determine if it is permitted to fetch that resource. The process is formally defined in RFC 9309, which specifies that matching is performed by comparing the specified path pattern against the beginning of the URL's path. The match is case-sensitive, and the pattern is treated as a prefix unless wildcard characters are used. The most specific matching rule, measured by character length, takes precedence when multiple patterns apply to the same URL. This deterministic evaluation ensures that site owners can precisely control crawler access to their web resources.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Core concepts and directives that define how crawlers interpret URL patterns against robots.txt rules.
Path Prefix Matching
The default matching algorithm defined in RFC 9309. A Disallow: /admin directive matches any URL whose path starts with /admin, including:
/admin/admin//administration/admin.phpThis implicit prefix behavior meansDisallow: /blocks the entire site, whileDisallow: /assetsblocks both/assets/imagesand/assets/csswithout additional rules.
Allow Directive Override
The Allow directive provides granular exception handling within a broader Disallow block. When a URL matches both an Allow and Disallow pattern, the most specific rule wins—measured by character length. Example:
Disallow: /blogAllow: /blog/publicThis permits crawling of/blog/publicand its subdirectories while blocking all other/blogpaths. Essential for selective exposure of content within restricted sections.
End-of-Path Anchoring
The $ character anchors a pattern to the exact end of the URL path. Disallow: /*.pdf$ blocks only URLs ending in .pdf, preventing accidental matching of paths like /pdf-guide/intro. Without the anchor, /*.pdf would also match /pdf-guide. This precision matching is critical for targeting specific file extensions or exact resource names without collateral blocking of similarly named directories.
URL Decoding and Normalization
Before path matching occurs, crawlers perform percent-decoding on reserved characters and normalize the path. A rule targeting /my%20documents must account for the fact that %20 decodes to a space. Additionally, crawlers resolve . and .. segments and collapse consecutive slashes. Understanding this pre-processing pipeline is essential for writing rules that match the actual decoded path the crawler evaluates.
Case Sensitivity Rules
Path matching in robots.txt is case-sensitive by specification. A Disallow: /Admin directive does not block /admin or /ADMIN. This distinction matters on Windows servers (where filesystems are case-insensitive) versus Linux servers (case-sensitive). Site owners must either duplicate rules for case variations or use server-side URL normalization to enforce consistent casing before crawlers encounter the path.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us