Fundamentally, if an off-the-shelf FPGA is going to be able to read data out of anything resembling a standard PROM, then it has to be possible for the data in the PROM to be read, and for another device to mimic its behavior (most typically, by simply putting the data into another PROM).
I assume your objective is to require someone who builds N boards using your FPGA design to buy N physical objects from you. If the FPGA is an off-the-shelf unit which is controlled via external chip, it doesn't matter if the FPGA itself is bought from you, provided that something necessary to its operation is.
Even if you can't directly protect the configuration from copying, one thing you might be able to do would be to distribute a small code-protected microcontroller or CPLD along with a PROM (the microcontroller, depending upon its size, might be able to take the place of the PROM as well) and incorporate some hard-to-copy functionality in that latter chip without which the FPGA would be worthless. The simplest means of doing that would be to have the CPLD generate a sequential function of a two or more input signals, and have the FPGA generate the same function. Have the FPGA vary those signals in some random-ish fashion and stop working if the CPLD's signals aren't as expected.
If your device isn't too popular, this approach may be sufficient. Indeed, even a lowly 18CV8 or 22V10 might suffice to construct a hard-to-reverse-engineer "dongle". If someone took the time to examine your configuration, though, they could probably identify the "lockout" portion and disable it. If your device is obscure, odds are nobody would bother; if it's popular, though, someone might publish their reverse-engineering analysis on the web.