mask/hide browser url header after redirect.

Again, it depends entirely on the application. If, for example, anything "sue" would want to access is under the static "/mortgage/default.aspx?clientid=1021" URI, then it should be pretty straight forward. But if the application starts referencing local URI paths that you don't want the client to see, you have to rewrite those. Those URIs may also not be in the same context of the requesting user, which may still be okay if you can apply some pattern to the external-internal translation. I hesitate to suggest a solution like ProxyPass or an 11.4+ rewrite profile, because I don't know enough about the application to justify any of these. Your best bet I think at this point is to allow the redirects as you have them applied in the current iRule, and then capture client side HTTP interaction and observe URI patterns.