As noted in comments, the Deny and Order directives are formerly deprecated on Apache 2.4 (which I would assume you are using - see below). And are intended for backwards compatibility only (mod_access_compat). These should only be used on Apache 2.2 and earlier.
deny from all
Yes, this does "deny" all access to the current directory, files and subdirectories. However, without explicitly stating the Order in which the Deny and Allow directives are processed then how it interacts with related directives is not clearly defined.
Allow directives in a subdirectory .htaccess file should override this.
<Files "*">
Order Deny,Allow
Deny from all
</Files>
By wrapping the directives in a <Files> container you are forcing the block to be merged late. This has the effect of potentially overriding Allow directives in a subdirectory, unlike the example above. Unless the Allow directives in a subdirectory are also enclosed in a <Files> container. This may or may not be desirable. In most cases this is not required.
The * is simply a wildcard that matches all files (and directories).
On Apache 2.4 you should use the Require directive (mod_authz_core) instead:
Require all denied
The same regarding the <Files "*"> container would apply here also.
As noted in comments, the
Deny
andOrder
directives are formerly deprecated on Apache 2.4 (which I would assume you are using - see below). And are intended for backwards compatibility only (mod_access_compat). These should only be used on Apache 2.2 and earlier.Yes, this does "deny" all access to the current directory, files and subdirectories. However, without explicitly stating the
Order
in which theDeny
andAllow
directives are processed then how it interacts with related directives is not clearly defined.Allow
directives in a subdirectory.htaccess
file should override this.By wrapping the directives in a
<Files>
container you are forcing the block to be merged late. This has the effect of potentially overridingAllow
directives in a subdirectory, unlike the example above. Unless theAllow
directives in a subdirectory are also enclosed in a<Files>
container. This may or may not be desirable. In most cases this is not required.The
*
is simply a wildcard that matches all files (and directories).On Apache 2.4 you should use the
Require
directive (mod_authz_core) instead:The same regarding the
<Files "*">
container would apply here also.