Using FilesMatch to increase security

I've been experimenting with the FilesMatch Directive. During my first attempt, I discovered that my default rules (rulesets 1 & 2) didn't allow me to access www.test.com/ but did allow me to access www.test.com/index.php

I presumed this was because the file "/" hit ruleset 1 but not ruleset 2 and so got blocked. I therefore put ruleset 3 in place and everything seems to be working now. I just wanted to ask if anyone had any advice on implementing this directive, and whether or not I've gone about it the correct way?

#Ruleset1
<FilesMatch "^.*$">
        Order Deny,Allow
        Deny from all
</FilesMatch>

#Ruleset2
<FilesMatch "^.*\.(css|html?|js|pdf|txt|xml|xsl|gif|ico|jpe?g|png|php?)$">
        Order Deny,Allow
        Allow from all
</FilesMatch>

#Ruleset3
<FilesMatch "">
        Order Deny,Allow
        Allow from all
</FilesMatch>

This likely isn't working as you're intending.

Your last match effectively overrides the other rules and allows all requests; "" will always match everything (as will your first section, "^.*$").

Just using <FilesMatch> seems like the wrong approach for what you're going for, but can you clarify what you're trying to achieve?

Edit:

Something like this should function for both cases:

<Location />
    Order deny,allow
    Deny from all
</Location>
<LocationMatch "(/|\.css|\.html?|\.js|\.pdf|\.txt|\.xml|\.xsl|\.gif|\.ico|jpe?g|\.png|\.php)$">
    Allow from all
</LocationMatch>