diff --git a/app/i18n.ts b/app/i18n.ts
index 58fae1f..a5eefda 100644
--- a/app/i18n.ts
+++ b/app/i18n.ts
@@ -2,7 +2,7 @@ import {notFound} from 'next/navigation';
 import {getRequestConfig} from 'next-intl/server';
  
 // Can be imported from a shared config
-const locales = ['en', 'hr'];
+export const locales = ['en', 'hr'];
  
 export default getRequestConfig(async ({locale}) => {
   // Validate that the incoming `locale` parameter is valid
diff --git a/app/lib/auth.ts b/app/lib/auth.ts
index 5c3eb46..3662fa7 100644
--- a/app/lib/auth.ts
+++ b/app/lib/auth.ts
@@ -46,7 +46,7 @@ export const authConfig: NextAuthConfig = {
       strategy: 'jwt'
    },
    pages: {
-      signIn: '/login',
+      signIn: '/en/login',
    },
 };
 
diff --git a/middleware.ts b/middleware.ts
index 708141f..4fad9e8 100644
--- a/middleware.ts
+++ b/middleware.ts
@@ -3,11 +3,12 @@
  * @description hooks-up `next-auth` into the page processing pipeline
  */
 
-import { auth } from '@/app/lib/auth'
+import { auth, authConfig } from '@/app/lib/auth'
 import createIntlMiddleware from 'next-intl/middleware';
+import { NextRequest, NextResponse } from 'next/server';
+import { locales } from '@/app/i18n';
 
-const locales = ['en', 'de'];
-const publicPages = ['/', '/login'];
+const publicPages = ['/terms', '/policy', '/login'];
  
 const intlMiddleware = createIntlMiddleware({
   locales,
@@ -15,15 +16,31 @@ const intlMiddleware = createIntlMiddleware({
   defaultLocale: 'hr'
 });
 
-export const config = {
-  // midleware will NOT be called for paths: '/api/auth/*', '/_next/static/*', '/_next/image*', static files and public pages
-  matcher: [
-    '/((?!api|_next/static|_next/image|.*\\.png$|.*\\.webm$|en/policy|hr/policy|en/terms|hr/terms|en/login|hr/login).*)',
-  ],
-};
+export default async function middleware(req: NextRequest) {
+  const publicPathnameRegex = RegExp(
+    `^(/(${locales.join('|')}))?(${publicPages
+      .flatMap((p) => (p === '/' ? ['', '/'] : p))
+      .join('|')})/?$`,
+    'i'
+  );
+  const isPublicPage = publicPathnameRegex.test(req.nextUrl.pathname);
 
-// middleware will call NextAuth's `auth` method, which will in turn call) see `auth.ts`
-export default auth((req) => {
-  // call the internalization middleware
-  return(intlMiddleware(req));
-});
+  // for punlic pages we call only localisation middleware
+  if (!isPublicPage) {
+    const session = await auth();
+
+    if (!session) {
+      const signInUrl = `${req.nextUrl.protocol}//${req.nextUrl.hostname}${req.nextUrl.port ? `:${req.nextUrl.port}` : ''}${authConfig.pages?.signIn as string}`;
+      return NextResponse.redirect( signInUrl  );
+    }
+  }
+
+  return intlMiddleware(req);
+}
+
+export const config = {
+  // for these paths middleware will not be called
+  matcher: [
+    '/((?!api|_next/static|_next/image|.*\\.png$|.*\\.webm$).*)',
+  ],
+};
\ No newline at end of file