How to always use POST to request sensitive information from server

That's an interesting question. The HTTP request method is something that the client controls (ie. the browser). So in order to change GET requests to POSTs on the client side, you'd necessarily have to either rewrite the content of returned pages changing standard GET-style resources (anchors) into forms, or insert elaborate JavaScript to catch request events and rewrite them. Neither option is either easy or viable for most applications. You could also technically rewrite a GET request to a POST as it flows through the BIG-IP, but then you also have to consider whether the server can handle that POST request. A PHP server expecting a querystring with the $_GET() method isn't going to be looking for something in a POST variable. There are still a few options though,

1. Semantic coding practices - rewrite the important requests to POSTs in the application

    

2. Some application frameworks natively embed object calls in POST methods (ASP.Net is a good example)

    

3. Inserting client side JavaScript to catch request events, rewrite them as auto-posting form fields, and then have an iRule rewrite them as GETs on the other side

    

But ultimately I think your best bet for securing those applications from prying eyes is a smartly-placed layer of SSL/TLS.