It is recommended to enable web-server based authentication for the index_http.php page only. If Default login form is set to 'HTTP login page' the user will be .