I got the message in Irule ( undefined procedure: ) and [use curly braces to avoid double substitution]

when RULE_INIT { set static::maxquery 3 set static::holdtime 30 set static::interval 3 } when HTTP_REQUEST { set srcip [IP::remote_addr] if { [table lookup -subtable "blacklist" $srcip] != "" } { drop log local1. "continous drop : ClientIP=[IP::remote_addr]" return } set intervaltime [expr [clock second] / $static::interval] set key "count:$srcip:$intervaltime" set count [table incr $key] table lifetime $key [expr $static::interval + 1] log local1. "nowtime=[clock second] / intervaltime=$intervaltime / ClientIP=[IP::remote_addr]" if { $count >= $static::maxquery } { table add -subtable "blacklist" $srcip "blocked" indef $static::holdtime table delete $key drop log local1. "nowtime=[clock second] / intervaltime=$intervaltime / ClientIP=[IP::remote_addr] / initial drop : [IP::remote_addr]" return } }