Actually, this is a bit trickier, because you're not deciding whether to insert the header into the request until the HTTP_RESPONSE_DATA event. So you can't use HTTP::request to get the original client request and then use HTTP::header insert to insert your custom header. If you wanted to stick with inserting a header in the request, you could either insert the authenticated header and then save every request in the HTTP_REQUEST event, or you could work out how to insert a carriage return and line feed in the payload.
The original example for this (
Click here), uses a local variable to track whether the request has already been authenticated. You said that you were seeing the requests looping to the authentication pool when you used a variable. Perhaps it would be better to go back to that version of the rule and troubleshoot why requests were constantly being sent to the auth pool.
Aaron