One of our clients is running PHP in CGI mode. He had trouble to protect the PHP pages in a protected folder. It is caused by the way Apache handles PHP request when PHP is run in CGI mode. Since Apache will send any PHP based request directly to the PHP executable, folder and link protections do not work on PHP pages in this case.

If you are running PHP as a CGI binary and not in library mode, you need to put a few lines of PHP script at the beginning of the PHP pages you would like to protect. You can get the code from How to Protect a PHP Page.