Pardon me for jumping in...
I want to restrict RDP
When you say RDP, to me that means that the client is running mstsc.exe and connecting to the server via terminal services over port 3389. The user is not running a browser, so you can't do a redirect because that's not something that mstsc.exe would understand. Or are you using RDS or some other web-enabled interface?
I am not familiar with this ManageEngine PAM product. Does it provide an HTTPS-enabled RDP solution? How does that product play a role in your question?
And I don't understand the localhost portion of your question. That would imply that the client machine has already connected to something on the server (ManageEngine??)
Perhaps if you could provide more details of "what connects to what" then someone might be able to provide an answer. And my favorite question "what's the real problem?".
Update: Are you looking to allow users to use a browser for RDP?
https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin