I'm no expert on how to configure the server's allowable directives, but it would seem that your httpd.conf settings are preventing these settings from working as intended:
Code:
<Files *.php>
Order Deny,Allow
Deny from all
Allow from localhost
</Files>
That collection of settings says "for all *.php files, deny access to everyone, unless it's the local server itself asking for them".
Basically, that prevents outsiders from hacking around at files on your server without your knowledge.
For some reason, it's grabbing more than just *.php ... and also denying access to your .css files too.
It only happens this way in a few environments. Windows IIS Hosting environments don't like .htaccess files at all, and different methods must be used to accomplish the same thing. If you're having this problem in a linux/unix apache environment, then "something" in your httpd.conf or a config file linked by your httpd.conf is telling apache that those commands aren't allowed, or is telling it to interpret them differently than they are intended. About 1-10% of linux/unix hosting arrangements have this problem.
Perhaps some searching on .htaccess and deny from all and <files *.php> over at webhostingtalk.com might help you configure your server more completely?
Bookmarks