Forum Discussion
Brent_Grooms_89
Nimbostratus
Dec 03, 2007
require ssl for IIS
I'm kind of new to iRules and wanted some help. In IIS web server there is an option to require ssl that you can enable for any directory. However, since we terminate ssl on the Big-IP, we cannot us...
hoolio
Cirrostratus
Dec 04, 2007
If you have the ability to modify the web application you could configure the BIG-IP to insert a custom header for only the requests it receives via the HTTPS virtual server. The web application could look for this header and send a redirect to https back if the client requested a URI that you want requested only via HTTPS.
Else, you could add all of the logic to the BIG-IP. If you have a list of directories which you want to require SSL for, you could add them to a datagroup. You could then check each request to the HTTP virtual server against that list and redirect matching requests to the same host and URI, via HTTPS.
Here is an example using a datagroup (AKA class):
(datagroups are separate objects from iRules. You can create a datagroup under Local Traffic >> iRules >> Datagroups tab)
    # Datagroup listing HTTPS-only resources
    class secure_pages_class {
       "/https/"
       "/other_secure_dir/"
       "/one/secure/page.txt"
    }

    # Triggered when BIG-IP parses the HTTP headers of a request
    when HTTP_REQUEST {

       # Check if the path of the request, set to lower case, starts with any entry in the class
       if {[matchclass [string tolower [HTTP::path]] starts_with $::secure_pages_class]} {

          # Comment out this log statement when done testing this rule
          log local0. "Redirecting client [IP::client_addr] who requested [HTTP::uri], with path \
             of [HTTP::path] to TCP port [TCP::local_port] to https://[HTTP::host][HTTP::uri]"

          # If so, redirect the request via https to the same host and URI
          HTTP::redirect https://[HTTP::host][HTTP::uri]
       }
    }
Aaron
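The custom-header approach from the first paragraph of the reply above, as an added example that is not part of the original post. It assumes two separate iRules, one per virtual server, and a hypothetical header name `X-BIGIP-SSL`; the rule on the HTTP virtual server strips the header so a client cannot supply it on a plain HTTP request.

```tcl
# --- iRule 1: attach to the HTTPS virtual server (SSL is terminated here) ---
# "X-BIGIP-SSL" is a hypothetical header name chosen for this example.
when HTTP_REQUEST {

   # Remove any copy of the header the client sent, so the only value
   # the web application sees is the one inserted by the BIG-IP
   HTTP::header remove "X-BIGIP-SSL"

   # Mark the request as having arrived over HTTPS
   HTTP::header insert "X-BIGIP-SSL" "1"
}

# --- iRule 2: attach to the HTTP virtual server ---
when HTTP_REQUEST {

   # A request over plain HTTP must never carry the marker, so strip it
   # before the request is sent to the web server
   HTTP::header remove "X-BIGIP-SSL"
}
```

The web application can rely on this header only if the IIS servers accept requests solely from the BIG-IP; a request that reaches them directly could carry any header value.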