You could probably use a Local Traffic Policy to do this (assuming you are on BIG-IP v11.4 or newer), depending on whether or not other traffic (besides the three FQDNs) is processed by the same virtual server. Local Traffic Policies are almost always more efficient than iRules, although they don't have all of the same capabilities as iRules. Thankfully, HTTP to HTTPS redirects are something they can do.
Your local traffic policy will have a matching strategy of "First Match" and will require http. (See https://support.f5.com/kb/en-us/solutions/public/14000/900/sol14996.html for a similar example.) You will need two rules: One to handle the case where the URI starts with "/foo" and one where it doesn't.
For the case where the URI starts with "/foo" your condition will probably look something like this...
Operand: http-uri
Event: request
Selector: all
Condition: starts-with
Value: /foo
...and your action will probably look something like this:
Target: http-reply
Event: request
Action: redirect
Parameters: location Value: https://abc.com[HTTP::uri]
For the case where the URI does not start with "/foo" your condition will probably look something like this...
Operand: http-uri
Event: request
Selector: all
Negate: (checked)
Condition: starts-with
Value: /foo
...and your action will probably look something like this:
Target: http-reply
Event: request
Action: redirect
Parameters: location Value: https://abc.com/foo[HTTP::uri]
Apply the policy to the virtual server configuration on the Resources tab in the Policies section.
No guarantees since I am not able to test the complete solution here, but I was able to log what the redirects looked like.
When connecting using the redirect is to https://abc.com/foo/
When connecting using http://anyhost.com/foo/bar/foo, the redirect is to https://abc.com/foo/bar/foo
Hopefully this is what you wanted.
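The two rules above can be checked offline before the policy is attached to a virtual server. The following is an added example, not part of the original answer and not F5 code: a small Python model of the first-match evaluation that computes the expected Location for sample request URIs. It assumes starts-with behaves as a plain, case-sensitive string prefix test; the rule names and sample URIs are constructed for illustration.

```python
"""Model of the two-rule, first-match redirect policy from the answer."""
from dataclasses import dataclass
from typing import List, Optional

TARGET = "https://abc.com"  # redirect host used in the answer


@dataclass(frozen=True)
class Rule:
    name: str       # hypothetical rule name
    prefix: str     # the "Value" compared with starts-with
    negate: bool    # the "Negate" checkbox
    location: str   # redirect template; "[HTTP::uri]" stands for the request URI

    def matches(self, uri: str) -> bool:
        # Assumption: starts-with is a case-sensitive prefix comparison.
        return uri.startswith(self.prefix) != self.negate


RULES = [
    Rule("uri_starts_with_foo", "/foo", False, TARGET + "[HTTP::uri]"),
    Rule("uri_other", "/foo", True, TARGET + "/foo[HTTP::uri]"),
]


def redirect_location(uri: str, rules: List[Rule] = RULES) -> Optional[str]:
    """Return the Location of the first matching rule, or None if none match."""
    for rule in rules:
        if rule.matches(uri):
            return rule.location.replace("[HTTP::uri]", uri)
    return None


def prefix_only_matches(uris: List[str], prefix: str = "/foo") -> List[str]:
    """URIs that satisfy starts-with without being the prefix itself or a path under it."""
    return [u for u in uris
            if u.startswith(prefix)
            and u[len(prefix):len(prefix) + 1] not in ("", "/", "?")]


# Constructed sample request URIs (path plus query string, as in HTTP::uri).
SAMPLE_URIS = ["/", "/foo/bar/foo", "/index.html?x=1", "/foo", "/foobar", "/food/menu"]

if __name__ == "__main__":
    for u in SAMPLE_URIS:
        print(f"{u:18} -> {redirect_location(u)}")
    print("prefix-only matches:", prefix_only_matches(SAMPLE_URIS))
```

URIs such as /foobar match the first rule under this model and are redirected without the /foo prefix being added; if that is not intended, the condition value would need to be narrowed.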