You may use only one "Order" directive, unless the multiple Order directives are contained in containers ( such as <FilesMatch> ) which are (completely) mutually-exclusive. Also, "Order" controls the priority of all Alows versus all Denies within a given container, and has nothing to do with the listing order of Allow and Deny directives (See mod_access [httpd.apache.org])

You might want to further consider that most sites have various other "standard" files which are "expected to be there" by other Web agents, files such as robots.txt, sitemap.xml, labels.rdf, /w3c/p3p.xml, etc. Those files and/or filetypes are not supported by your solution.

Nevertheless, here's how I'd modify your code:

Order Deny,Allow
Deny from all
#
<FilesMatch "\.(html¦php¦jpg¦png)$">
Allow from all
</FilesMatch>

Replace all broken pipe "¦" characters above with solid pipe characters before use; Posting on this forum modifies the pipe characters.

Jim

I've tried using ur code, but i still get the 403 forbidden error. It seems like .html is still blocked.

I've already found the solution.

Here are the codes to prevent other files except html, jpg, php and png

<FilesMatch "\.+">
Order Allow,Deny
Deny from All
</FilesMatch>

<FilesMatch "\.(html¦php¦jpg¦png)$">
Order Allow,Deny
Allow from All
Deny from None
</FilesMatch>

I hope anyone facing this problem will find this code useful. =)

> I've tried using ur code, but i still get the 403 forbidden error. It seems like .html is still blocked.

The most likely reason is that you did not completely flush your browser cache before testing. You should flush your cache after any change to the config code on your server, otherwise, you'll see stale locally-cached results, no requests for cached objects will be sent to your server, and the new code will have no effect.

Jim