Is the bad string found in a parameter value (/dir/1315?param=bad2144)? If so, you might want to verify whether the application accepts the same parameter in the payload of a POST request. A malicious user could potentially use an interception proxy to modify the request from a GET to a POST and include the parameter in the POST data. Also, for the URI check, you could be more specific using HTTP::query.
If you want to only check for the bad2144 string for a specific URI, you could add a check:
if {[HTTP::uri] starts_with "/some/path" && [HTTP::query] contains "bad2144"}{
If the app is not case sensitive, you could set the URI to lower case:
if {[string tolower [HTTP::uri]] starts_with "/some/path" && [HTTP::query] contains "bad2144"}{
Aaron