Exempt a subdirectory from htaccess rewriting

I have a WordPress install, and for various reasons related to the host I’m using, I have the install at the web server root. For awhile now I have also had a subdirectory under the root where I keep files I want to link to. These links were always published as absolute url’s to a specific file, and they worked fine.

Now I want to password protect a specific folder under that subdirectory, and I want to provide a directory listing.

I downloaded a directory listing script, and dropped it into the topmost folder that I want to be private. The script is in index.php in that directory. I then added the following .htaccess in that directory:

AuthName “Private Files”
AuthType Basic
AuthUserFile “/home/myuser/.htpasswd”
AuthGroupFile /dev/null
require valid-user

Then in ~/ I placed the following .htpasswd file:

user:pwdhash

The problem: whether I explicitly address the index.php script, or just the folder it resides in, WordPress jumps in and 404’s. Here is the WordPress .htaccess file:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

If I understand these, the two RewriteCond directives should prevent rewriting when the target is an existing file, or a directory. However, it seems not to work. Fwiw, I checked the permissions on the listing index.php and containing folder and they’re consistent with the rest of the wordpress install.

Just to recap the folder structure:

/home/myuser/ <=== where .htpasswd is
/home/myuser/public_html/ <=== wp root, wp .htaccess
/home/myuser/public_html/misc/private/ <=== my .htaccess, directory listing script

I have Googled around but so far haven’t found anything that gets WordPress out of the way for this specific subdirectory. Anyone have any clues?