Hi Jim,
Be aware that IIS is very permissive when interpreting URIs. So it's fairly simple to bypass URI based iRules. For some examples of encoding attacks, check the last reply in this thread:
http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=30900
At a minimum if you're going to try to do this in an iRule, you'd want to URI decode the URI. You'd probably want to add additional logic to handle the other scenarios in the above post.
To do more complete proper validation of URIs you need the functionality in a WAF like ASM or to do this in the app using a .NET decoding library.
Aaron