That actually isn't clear. Can you elaborate on exactly what you're trying to accomplish?
Are you saying that the BIG-IP - web server connection is through an HTTP proxy server. You want to decrypt the traffic to the HTTP proxy, but have the BIG-IP re-encrypt it somehow after the proxy to the final web server?
The only thing I can think of would be to use a VIP bounceback-like configuration where the client connects to VIP_external which points to the pool of HTTP proxy servers. The proxy servers reference VIP_webservers which points to the pool of web servers. You could then configure SSL on any of the legs of the connection path. Of course, this would create two separate sets of connections: the client to proxy server would be one pair and the proxy server to web servers.
[edit: actually, the configuration I just described matches what you have in your diagram (assuming you're able to change the proxy configuration to point to the VIP_webservers in order to access the web servers). I don't think a rule is necessary. I'd suggest contacting support and going over your requirements to come up with a solution.]
Aaron