Order Allow,Deny
<FilesMatch "^toon\.php$">
Allow from all
</FilesMatch>

That is probably the most efficient that you can get.

AuthGroupFile /dev/null
AuthName "Private Area"
AuthType Basic
AuthUserFile .htpasswd
require valid-user


<Files "toon.php">
Allow from all
Satisfy Any

</Files>

Works for me. Dont' forget to configure the .htpasswd file.

Deny From All
<FilesMatch "^toon\.php$">
Allow From All
</FilesMatch>

Worked for me...

You may want to use the <Directory> and <Files> directives. You can look at the documentation here:

http://httpd.apache.org/docs/1.3/mod/core.html#directory

http://httpd.apache.org/docs/1.3/mod/core.html#files

In short, you want something like this:

<Directory /folder/without/access >
     Order Deny,Allow
     Deny from All
</Directory>

<Files "filename">
     Order Deny,Allow
     Allow from All
</Files>

Add the following rule to htaccess file in root

RewriteEngine on


RewriteRule !toon\.php$ - [F]

This will deny access to all files and folders except toon.php .

If, like me, you're looking for a way to have authentication on an entire site/folder except for a single file, you will find that this method is working very well:

#allows a single uri through the .htaccess password protection
SetEnvIf Request_URI "/testing_uri$" test_uri

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/your/.htpasswd
AuthGroupFile /
Require valid-user

#Allow valid-user
Deny from all
Allow from env=test_uri
Satisfy any

Example taken from : this site