Here is some code I found that can be used to protect a directory but tell the server to still allow access to specific files and folders.
SetEnvIf Request_URI "(path/to/folder/)$" allow
SetEnvIf Request_URI "(path/to/file\.php)$" allow
Allow from env=allow
Allow from xx.xx.xx.xx #to allow access based on IP