Here is some code I found that can be used to protect a directory but tell the server to still allow access to specific files and folders.
SetEnvIf Request_URI "(path/to/folder/)$" allow SetEnvIf Request_URI "(path/to/file\.php)$" allow Order allow,deny Allow from env=allow Allow from xx.xx.xx.xx #to allow access based on IP Satisfy any