uri query limiting

Try this:

when RULE_INIT { 
    set static::maxrate 2 
    set static::timespan 60 
    set static::respond_page { Too many requests. Try again later }
} 
when HTTP_REQUEST { 
    if { ( [HTTP::method] eq "POST" ) and ( [class match [string tolower [HTTP::uri]] contains query_limiter_uri] ) } {
        if { [class match [IP::client_addr] eq query_limiter_whitelist] } {
            return
        }
        set cl_q [string tolower [HTTP::uri]]
        set clid [IP::client_addr]:[IP::remote_addr]:[TCP::local_port]
        set clid_q "${clid}:${cl_q}"

        if { [table lookup -subtable REQCOUNT $clid_q] eq "" } {
            table set -subtable REQCOUNT $clid_q 1 $static::timespan
        } elseif { [table lookup -subtable REQCOUNT $clid_q] > $static::maxrate } {
            log local0. "-- $clid -- violation detected -- $cl_q -- exceeded number of requests --"
            HTTP::respond 200 content $static::respond_page
        } else {
            table incr -subtable REQCOUNT $clid_q
        }
    }
}

There were a few things that might have given you a problem in the first version of the iRule:

1. You're table entries include the client side port, which would likely change often enough to bypass your catch.

2. You're attempting to respond and redirect in the same condition.

3. Your class match is doing a [string tolower ] evaluation, but you have a string in your data group with an uppercase letter.

The above basically says:

1. If the table entry doesn't exist, create it.
2. If it exists and is greater than maxrate, respond with static content.
3. Else increment the table entry.