Ok, I think I got it. To summarize it in a simple manner (and maybe to help somebody else with the same issue):
The case: One physical server (or group of servers) is running several web sites, each with different domain name and requiring standard HTTPS access (443).
Objective: Minimize number of Public IPs used to access websites on the server(s).
Proposed solution: Configure one Virtual Server and assign to it an iRULE which will direct traffic to a pool corresponding to a requested site based on matching URI in the iRULE.
Outcome: It should work fine for regular HTTP traffic. It will not work for HTTPS traffic. If F5 is running version 11 it may be possible to use TLS hostname/SNI feature to achieve objective (no uRUlE is necessary but setup still is somewhat complicated). With versions lower than 11 the objective is impossible to achieve for HTTPS traffic, it is necessary to dedicate a separate Virtual Server for each website or obtain UNC certificate (that and corresponding setup may prove to be more expensive and cumbersome than creating several Virtual Servers).
Reason for Outcome: The reason is the HTTPS protocol implementation - while initial call to the server is open text, it does not contain the name of site the call is directed to (only request for certificate on the server). Since revealing what particular site you want to access hardly represent any security breach this implementation is clearly based on outdated assumption that one server serves one site. So information about specific site name is only available in the already encrypted traffic. So if F5 is just passing HTTPS it has no way to see what site is actually requested and so iRULE will not work (neither, apparently, similar in function HTTP class), no selection will be made and HTTPS call will just hang. If HTTPS will be terminating at F5 by enabling Off-Loading it will require Client SSL profile which can only be one per Virtual server and can contain only one certificate so it will not be possible to unencrypt traffic sent to any but a single site.
If multiple sites are all belong to the same domain then it is possible to achieve objective by using offloading on F5 with a single wild card certificate. Then since F5 will be encrypting/decrypting traffic it will see the name of requested sites and iRULE then can use it to switch traffic to corresponding pool. Similar it would work for UNC certificate - single certificate allows F5 to unencrypt the traffic and pass URI string to iRULE.
One more option can provide a partial solution - use HTTP Virtual server with uRULE that will redirect traffic to HTTPS with custom port. That would allow still use one public IP for all the sites but would require to build Virtual Server with custom HTTPS port for each site. In that case either pass-through HTTPS or off-loading should work fine as no redirection is done on HTTPS traffic itself.
I think that's covers it.
Richard, thank you very much for help and let me know if you find some discrepancy in my summary that shows Im still not getting it right.