.htaccess has nothing to do with PHP.
It's an Apache Webserver thing.
There are lots of tutorials about it online. Just google: Apache htaccess
No, if I'm not mistaken, you can't list multiple file extensions in one directive.
But, why are you doing that anyway?
The supplied .htaccess works around the security issue for the /downloads/ folder differently, by denying access to a directory listing, and also requiring authentication to browse files, with no accessible authentication, thus blocking everyone.
Or, if it's real security you're after, maybe you should just make the folder inaccessible to browsers:
https://www.zen-cart.com/tutorials/i...hp?article=280




