Apache - How to deny directory but allow one file

Posted 2019-03-14 18:15

I try to configure my Apache .conf file to deny listing from a certain category, but I want to allow a specific file inside this category. It appears that the Directory rule is "stronger" than the Files rule, so when using both - I can't access that certain file.

This is what I try:

<Directory /var/www/denied_directory>
     order deny,allow
     Deny From All
</Directory>

<Files safefile.php>
    Order Allow,Deny
    Allow from All
</Files>

5 answers
Emotional °昔
#2 · 2019-03-14 18:29

There is a missing line in @acond's answer. I think it needs Allow:

<Directory /var/www/denied_directory>
    Order deny,allow
    Deny from All
    <Files safefile.php>
        Order deny,allow
        Allow from All
    </Files>
</Directory>

Since there is only one rule in each directive, I suspect the order lines may be irrelevant. Although maybe the outermost one is required, because there is more than one rule nested. (I'm new to Apache configuration.)

放我归山
#3 · 2019-03-14 18:42

It works perfectly if it is configured properly:

   <Directory /var/www/denied_directory>
        Order allow,deny
        <Files test.php>
           Order deny,allow
        </Files>
   </Directory>
甜甜的少女心
#4 · 2019-03-14 18:45

In Apache 2.4, with an additional test on an environment variable for good measure:

See also: Require Directive

<Directory "/wikis/foswiki">

    Require all denied

    # Allow access to toplevel files ending in .html (in particular index.html) only 
    # (comment out if you don't care for this)

    <Files ~ "\.html$">

       <RequireAll>
          Require all granted
          Require not env blockAccess
       </RequireAll>

    </Files>

</Directory>
做自己的国王
#5 · 2019-03-14 18:45

Put your Files directive inside your Directory directive.

可以哭但决不认输i
#6 · 2019-03-14 18:49

To allow a specific file when access is restricted by HTTP password. Be careful: password protection is defined on a filesystem basis, and the specific allowed files are defined by URI. Updated for Apache 2.4.

<Directory /path/to/directory/>
    AuthName SecureArea
    AuthType Basic
    AuthUserFile /path/to/passwd-file
    Require user my-user

    SetEnvIf Request_URI "path/to/uri-allowed-1.php" allowedURL
    SetEnvIf Request_URI "path/to/uri-allowed-2.php" allowedURL
    Require env allowedURL
</Directory>
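The nesting suggested in the answers above, written in Apache 2.4 `Require` syntax for the question's own directory and file name. This is an added example, not code from any of the posters, and it assumes Apache 2.4 with mod_authz_core and no other authorization rules covering this path.

```apache
# Added example (not from the thread). Path and file name are the ones
# used in the question; Apache 2.4 with mod_authz_core is assumed.
<Directory "/var/www/denied_directory">
    # Default for everything under this directory: no access.
    # Use only Require here; mixing it with the legacy
    # Order/Allow/Deny directives in the same scope is discouraged
    # and makes the result hard to reason about.
    Require all denied

    # A <Files> section nested in <Directory> is merged after the
    # directory section, so this grant replaces the deny for requests
    # that map to a file with this name.
    #
    # Caveat: <Files> matches on the file name only and the enclosing
    # <Directory> also covers subdirectories, so a safefile.php placed
    # in any subdirectory of denied_directory is allowed as well.
    <Files "safefile.php">
        Require all granted
    </Files>
</Directory>
```

After a reload, a request for `safefile.php` in that directory should return 200, while the directory itself and any other file in it should return 403.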