The right way to accept multiple ids is like this:

Foo.aspx?id=1;id=2;id=3;id=4;id=5

Note that's just what the target is. When re-writing urls, you can set your own rules to a certain extent for what you want the source to look like.

I had to learn this on StackOverflow, too. See this question:
Split out ints from string

In addition to the answer by ConroyP, below is another citation to the RFC. It notes a number of unsafe characters, but does not mention the comma (suggesting that the comma is safe):

Characters can be unsafe for a number of reasons. The space character is unsafe because significant spaces may disappear and insignificant spaces may be introduced when URLs are transcribed or typeset or subjected to the treatment of word-processing programs. The characters "<" and ">" are unsafe because they are used as the delimiters around URLs in free text; the quote mark (""") is used to delimit URLs in some systems. The character "#" is unsafe and should always be encoded because it is used in World Wide Web and in other systems to delimit a URL from a fragment/anchor identifier that might follow it. The character "%" is unsafe because it is used for encodings of other characters. Other characters are unsafe because gateways and other transport agents are known to sometimes modify such characters. These characters are "{", "}", "|", "\", "^", "~", "[", "]", and "`".

All unsafe characters must always be encoded within a URL. For example, the character "#" must be encoded within URLs even in systems that do not normally deal with fragment or anchor identifiers, so that if the URL is copied into another system that does use them, it will not be necessary to change the URL encoding.

Try using %2c in the URL to replace the commas.

If you'd put in place a front controller then you could do something like;

index.aspx?c=Foo/1/2/3/4

The Front Controller would pick up the method name and the parameters to pass to it. This is a pretty common technique nowadays.

The comma is allowed in the path, query string and fragment according to spec. It wouldn't surprise me if IE doesn't conform to the spec though. Try the entity as Claudiu suggests, but I don't know why that would be necessary.

Commas are allowed in the filename part of a URL, but are reserved characters in the domain*, as far as I know.

What version of IE are you using? I've come across the odd report of IE5.5 truncating URLs on a comma (link here, but have tested URLs with commas in IE7 and it seems to be OK, so if there was an IE bug, it doesn't seem to be there any more - could it be an IIS issue?

I'm wondering if the page error is due to a rule failure with the mod_rewrite - can you post the rule which is matching multiple ids and passing them off to your Foo.aspx? Is there any chance that it's only matching Foo.N,N, and failing on more commas?

2.2. Reserved Characters

Many URI include components consisting of or delimited by, certain special characters. These characters are called "reserved", since their usage within the URI component is limited to their reserved purpose. If the data for a URI component would conflict with the reserved purpose, then the conflicting data must be escaped before forming the URI.

 reserved    = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" |
                "$" | ","

The "reserved" syntax class above refers to those characters that are allowed within a URI, but which may not be allowed within a particular component of the generic URI syntax