Can you be more specific on "we also want if any user try to enter anything by changing any value in redirect then f5 should access denied that request."
A simple redirection should take care of your 1st part. To help you complete this whole, we would need more info on what your 2nd part of requirement is. When you say redirect, are you saying the server redirect response ? Because once you login, there will be many more URI's that still needs to be allowed and accessed. You dont want to end up blocking them with Irule.