
Forum Discussion

5 Replies

  • Have you tried using the ACL feature that APM provides? With this you can supply an IP source mask to a URL pattern. The ACL is then applied in a Resource Assignment agent within the VPE.

     

  • The access is as follows

     

    External Users --> remore.my company.com (hosted in APM) --> Click on the webtop link icon --> Redirect to the URL (hosted in the same device LTM).

     

    I don't want external users to access the URL directly without APM redirection.

     

    The problem is I don't have a source subnet, as users are internet-based.

     

    So I think we can have a cookie inserted by APM in the redirection URL and get that cookie verified in the redirected URL. Without the cookie, that access should be denied.

     

    Will it work?

     

  • For clarity, is it a full redirect or a "portalized" (rewritten) resource on the webtop? When you click the link, does it redirect to a different URL, or the same URL with the /f5-w-something URI?

     

    If it's a full and direct URL, you're telling the remote client to make a new request to a different URL on a different VIP. You can't apply any sort of ACL to prevent access if this is the only way to access it. Now if it's a portal rewrite resource, then the user never leaves the APM VIP and you can absolutely control access to the resource that way.

     

    I might add that you could potentially control access if you used a domain cookie in the APM webtop policy and then checked for and validated that cookie when clients accessed the other VIP. If the client comes to the other VIP and doesn't have a valid APM (domain) session cookie, then don't allow access.
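
The domain-cookie check described in the last reply, sketched as an iRule for the LTM virtual server that hosts the application. This is an added example, not code posted by anyone in the thread. It assumes both virtual servers run on the same BIG-IP, that the access profile on the APM virtual server issues its session cookie (`MRHSession`) as a domain cookie covering both hostnames, and that `apm.example.com` stands in for the real APM hostname.

```tcl
# Added example, not from the thread.
# Attach to the LTM virtual server that fronts the application.
when HTTP_REQUEST {
    # MRHSession is the APM session cookie. It only reaches this virtual
    # server if the access profile sets it as a domain cookie (assumption).
    set sid [HTTP::cookie value "MRHSession"]

    # Reject requests that carry no cookie, or a cookie that does not map
    # to a live APM session whose policy result is "allow".
    if { $sid eq "" || ![ACCESS::session exists -state_allow $sid] } {
        # Placeholder hostname: send the client back through the APM logon.
        HTTP::respond 302 Location "https://apm.example.com/"
        return
    }

    # Valid session: strip the APM cookie so the backend application
    # never sees (or logs) the session identifier.
    HTTP::cookie remove "MRHSession"
}
```

Because the session cookie is now sent to every host in the cookie domain, serve both virtual servers over HTTPS only and keep the Secure flag set on the cookie in the access profile.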