diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb
index fecde8b49b8..fa15fd127ff 100644
--- a/app/controllers/static_controller.rb
+++ b/app/controllers/static_controller.rb
@@ -6,6 +6,9 @@ class StaticController < ApplicationController
 page = params[:id]
+ return redirect_to(SiteSetting.tos_url) if page == 'tos' and !SiteSetting.tos_url.blank?
+ return redirect_to(SiteSetting.privacy_policy_url) if page == 'privacy' and !SiteSetting.privacy_policy_url.blank?
+
 # Don't allow paths like ".." or "/" or anything hacky like that
 page.gsub!(/[^a-z0-9\_\-]/, '')
diff --git a/spec/controllers/static_controller_spec.rb b/spec/controllers/static_controller_spec.rb
index 10f652fb034..8928118f44a 100644
--- a/spec/controllers/static_controller_spec.rb
+++ b/spec/controllers/static_controller_spec.rb
@@ -17,6 +17,26 @@ describe StaticController do
 end
 end
+ [ ['tos', :tos_url], ['privacy', :privacy_policy_url] ].each do |id, setting_name|
+ context "#{id}" do
+ subject { xhr :get, :show, id: id }
+
+ context "when #{setting_name} site setting is NOT set" do
+ it "renders the #{id} page" do
+ expect(subject).to render_template(id)
+ end
+ end
+
+ context "when #{setting_name} site setting is set" do
+ before { SiteSetting.stubs(setting_name).returns('http://example.com/page') }
+
+ it "redirects to the #{setting_name}" do
+ expect(subject).to redirect_to('http://example.com/page')
+ end
+ end
+ end
+ end
+
 context "with a missing file" do
 it "should respond 404" do
 xhr :get, :show, id: 'does-not-exist'
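Review bot: The two added guard lines in static_controller.rb join their conditions with `and`, which binds looser than `!` and `==` and is the precedence trap the style guide warns about; it happens to work here only because the modifier `if` binds looser still. Prefer `&&` and Rails' `present?`, e.g. `return redirect_to(SiteSetting.tos_url) if page == 'tos' && SiteSetting.tos_url.present?` and the same shape for the privacy line. The redirect target is an administrator-configured site setting rather than request input, so this is not an open redirect from the client, but a short comment saying so, `# tos_url / privacy_policy_url are admin-set; redirect only when configured`, would save the next reader the check. The enclosing `show` action starts before this hunk, so the `params[:id]` nil case is not visible here.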
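Review bot: In the spec hunk the "when … site setting is NOT set" context never stubs the setting, so it depends on the test environment's default for `tos_url` / `privacy_policy_url` being blank instead of asserting that state; if a default is ever introduced the example would fail for the wrong reason. Make the precondition explicit with `before { SiteSetting.stubs(setting_name).returns('') }` in that context, mirroring the "is set" context. Minor style: `context "#{id}"` is just `context id`.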