As long as you do not specify any File/Directory Mask all user can access all the File/Directory on the server, but as soon as you specify (-)mask all user can not access File/Directory in the refuse rules.
If you add allow access before the refuse access,all user can access any File/Directory in the allow access. But if you add allow
access after the refuse access,it impacts nothing.
So the order of the rules is also very important.

For example

+123.zip
-*.zip
Refuse all user access the file which extend name is "zip".
But "123.zip" is still accessible, since "123.zip" is in the allow rules before *.zip.

-*.zip
+123.zip
Refuse all user access the file which extend name is "zip".
"123.zip" is also refused, since "123.zip" after "*.zip" impacts nothing.

Supported wildcards

To define access rules you can use the wildcards ? and *.

Priority

This server file access list will have priority on user account file access list.