I setup b .htaccess file to want authentication for any directory. I must exempt certain files (csv) to prevent some difficulties with installing.

I'm able to limit the authentication towards the files by doing:

<files ~ "\.csv$">
    require valid-user
</files>

But how do i negate(!) them so that all files except csv files require authentication?

This will work:

<files ~ "\..*(?<!csv)$">
    require valid-user
</files>

I have examined this on my small local server (Apache 2.2.14) and delay pills work fine. All files except .csv files require authentication before installing.

Edit
Sorry about all of the edits. These kind of regular expressions will always be tricky :)