I take it you're not concerned about the lack of security in the solution...
Basically you need to detect in the iRUle whether the request is for YOUR redirect, or for the user accessing the URI directly. There's a couple of way you could do that. You could
1. Detect the referrer and if the referrer was ourselves, don't redirect.
2. Detect the existence of the ?user=user&pass=pass parameters and don't redirect if the user is already supplying them
There's probably several other ways... Personally I'd use both... Just as abet and braces check... It's a direct login (The parameter check) AND we told the browser to doit (referrer check)...
I'd be wary of this approach though... You're leaking the user and password back to the user in the 302 redirect... Never a good idea... There's other ways to skin this cat if you really want automated login.
H
H