Rather than make any changes on SharePoint, I would invest in a Web Application Firewall that can intercept requests destined to the farm and modify them as needed, i.e. if request = https://www.xyz.com/en/pages, throw an HTTP 401.
Handling this on SharePoint will require changing the authentication scheme for the Web Application to FBA, which I do not recommend.