Confused about Static Context Definition precedence.

What I'm trying to do is pretty simple (I thought). I created a pair of context rules one of which blocks outside IP access to various file extensions and names, including *.txt. The other attempts to 'punch a hole' to let out robots.txt and license.txt.

Each rule works on its own without the other. I've tried swapping the rule orders around. I've tried using both exp: and URI format matching. If the one rule is set to deny .txt files, the other one can't override it for specific ones -- at least not in any way I can see.

What am I doing wrong? Or is there some sort of internal logic in OLS that always gives precedence to rules that block access, either explicitly or through IP definitions?

I am sure that there are ways to accomplish the same thing with rewrites and/or .htaccess, but I'm not looking for alternatives or best practices. I'm just trying to understand the ins and outs of Static Context Definition rule precedence.

I enclose screenshots of all of the rules here.

Thanks in advance for any help.

Screen Shot 2024-06-13 at 7.57.33 AM.png
Screen Shot 2024-06-13 at 7.58.13 AM.png

Screen Shot 2024-06-13 at 7.58.28 AM.png

Screen Shot 2024-06-13 at 7.58.55 AM.png