string tolower 'shouldn't' be necessary on a rfc compliant request, but it's a good idea to catch all those benign and malicious exceptions. wouldn't the first irule end up in a redirect loop for uri's ending with .aspx? There isn't any actual action going on there.