Basic Auth password conflict with opencarts rewrites - help

We want to password protect our opencart admin folder (extra layer) with basic auth/password popup via htaccess.

But opencarts rewrites to index.php make it impossible.
index.php takes over and we get 401/410 page not found as soon as we activate the passsword popup. Otherwise the regular login/admin pages work great.

If we remove the rewrites in public_html/.htaccess, the password works.
Or, if we remove the index.php the password popup works as well.

So, been working with chatgpt and tested a lot of stuff but nothing works.
I also added the basic auth in vhost instead, but still same issue._
We tried to exclude /admin from all rewrites but it did not work.

In the end chatgpt said it was LSAPI that probabaly was the reason and it will not work !?

Any ideas ?

This is how we started/default that is not working:

public_html/.htaccess
----------------------------------

RewriteEngine On
RewriteBase /

RewriteRule ^sitemap.xml$ index.php?route=extension/feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=extension/feed/google_base [L]
RewriteRule ^system/storage/(.*) index.php?route=error/not_found [L]

# Standard OpenCart SEO catch-all
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)$
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]



public_html/admin/.htaccess
-----------------------------------------

AuthType Basic
AuthName "Protected 'public_html/admin'"
AuthUserFile "/home/xxxxx/.htpasswds/public_html/admin/passwd"
Require valid-user