Forum Discussion

raytoles_75680
Jun 25, 2009

Access control iRule

We've written an iRule to deny access to a few URIs. iRules are fairly new to us and we want to make sure we're writing our iRule in the most efficient way possible. Based on the client IP/network (internal network users require access) and the URI, we want to protect a list of URIs. We've created two data group lists, allowed_admin_datagroup and denied_admin_datagroup. The allowed list includes the list of network subnets we want to allow access. The denied list includes a list of URIs we want to protect.

when HTTP_REQUEST {
    # Clients on the allowed subnets skip the URI check entirely.
    if {not [matchclass [IP::client_addr] equals $::allowed_admin_datagroup]} {
        # Everyone else is refused if the requested URI is on the deny list.
        if {[matchclass [HTTP::uri] equals $::denied_admin_datagroup]} {
            HTTP::respond 200 content "Not AllowedYou are not allowed to access this site!"
            log local0. "URI requested by [IP::client_addr] blocked.  URI requested = [HTTP::uri]"
        }
    }
}

4 Replies

  • Is it working? If not, you might want to set the URI to lowercase, URI decode it and use contains instead of equals for matchclass.

    Aaron
  • The iRule works; we are just trying to make sure it would not cause performance problems, as writing iRules is very new to us.
  • If you expect it to be more common that a client would access a non-admin URI, you could reverse the order of the two if statements. This would make the iRule more efficient.

    That said, a blacklist for URIs is pretty easy to bypass. See this post for some examples:

    Irule for restriciting URL paths unsecure
    http://devcentral.f5.com/Default.aspx?tabid=53&view=topic&postid=30900

    Aaron
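Applying both suggestions from the replies (normalize the URI before matching, and test the rarer protected-URI condition first) gives the reworked iRule below. It is an added example, not code from the original poster or from F5; it keeps the two data-group names from the question and assumes the v9 matchclass syntax the question uses (on v10 and later, class match replaces it) and that the deny list holds path prefixes such as /admin.

```tcl
when HTTP_REQUEST {
    # Work on the path only (query string dropped), so "?x=/admin" cannot
    # influence the match. Decode percent-encoding repeatedly, capped at a
    # few rounds, so a double-encoded "%252fadmin" still normalizes.
    set path [HTTP::path]
    for {set i 0} {$i < 3} {incr i} {
        set decoded [URI::decode $path]
        if {$decoded eq $path} { break }
        set path $decoded
    }
    # Case-fold and collapse repeated slashes so "/Admin" and "//admin"
    # compare the same as "/admin".
    set path [string tolower $path]
    regsub -all {/+} $path "/" path

    # Test the protected-URI list first: most requests miss it and fall
    # through after a single comparison. Entries in denied_admin_datagroup
    # are assumed (for this example) to be path prefixes such as /admin.
    if {[matchclass $path starts_with $::denied_admin_datagroup]} {
        if {not [matchclass [IP::client_addr] equals $::allowed_admin_datagroup]} {
            log local0. "Blocked [IP::client_addr] -> [HTTP::uri] (normalized: $path)"
            # 403 rather than 200 so clients and monitoring see a real denial.
            HTTP::respond 403 content "<html><body>Not Allowed</body></html>" \
                "Content-Type" "text/html"
        }
    }
}
```

Decoding, case-folding and slash-collapsing only handle the simplest encoding tricks; dot segments and the other path games described in the linked post are better addressed by an allowlist of permitted paths than by growing the deny list.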