I think that you should be able to do it without manipulating the end application (leave it HTTP on Port 80 and use the F5 to do full SSL Offload).
Apply to your HTTP VIP (Redirect all HTTP to HTTPS):
when HTTP_REQUEST {
HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}
Apply to your HTTPS VIP (Sets the Secure Cookie Flag):
when HTTP_RESPONSE {
set cookies [HTTP::cookie names]
Loop through each cookie by name in request
foreach aCookie $cookies {
Replace cookie name from list and set Secure Flag to Enable
HTTP::cookie secure $aCookie enable
}
NOTE: The SSL Certificate Website Name MUST match in order for this iRule to work Properly
}
Apply to your HTTPS VIP (Corrects all content responses from HTTP to HTTPS):
Create Custom HTTP Profile. Model after Default HTTP Profile but enable the "Redirect Rewrite" option to "Matching".
It will monitor the response traffic back to the requestor and anything that directs the browser to go to http://website.com/content will be modified to https://website.com/content on the fly.
NOTE: This will only work if the content within the same site. (if content for a different website is requested you will get the "Do you wish to display Non-Secure Data")