Solution:1
Found the issue!!!
In general, Apache does the rewrite phase before the authorization phase, which is why your code performs the rewrite without ever asking for user to authenticate. https://stackoverflow.com/a/13295036/7664726
I had to add it to the .htaccess in the website root:
RewriteCond %{LA-U:REMOTE_USER} !^$
So my final .htaccess is this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{LA-U:REMOTE_USER} !^$
RewriteRule . /index.php [L]
</IfModule>
Thanks to add peoples in comment section helping me solve this issue.