So I am trying to write a ruleset that will do the following all in one:
1. Check against the honeypotproject.org database, drop if matched
2. Check against a whitelist/blacklist mod sec collector, allow/drop if matched
3. If all else fails rate limit the requests

This is my first attempt at writing my own ruleset, so almost everything here comes from googling around and trying to follow the online docs. I am not sure of the best way to define the client IP address once and then use that same value throughout the whole ruleset. I am also not sure whether this is the most efficient way of doing this :). Any help is appreciated.

# Check the client IP against the Honeypot Project http:BL list and block the
# request when the reported threat score is above 20.
# NOTE(review): "block" applies whatever disruptive action SecDefaultAction
# defines, so the request is only dropped if that default is "drop" - confirm.
# The http:BL key is a credential; keep the real value out of shared or
# published configuration.
SecHttpBlKey YOUR_API_KEY
# NOTE(review): nothing in this ruleset sets TX:REAL_IP, so only REMOTE_ADDR is
# looked up here. tx.client_ip is assigned further down (rules 3000004/3000005),
# after this rule has already run in phase 1, so a proxied client address is
# never checked against the list at this point.
SecRule TX:REAL_IP|REMOTE_ADDR "@rbl dnsbl.httpbl.org" "id:'99010',chain,phase:1,t:none,capture,block,msg:'HTTPBL Match of Client IP.',logdata:'%{tx.httpbl_msg}',setvar:tx.httpbl_msg=%{tx.0}"
# Second link: extract the numeric threat score from the text captured in TX:0.
SecRule TX:0 "threat score (\d+)" "chain,capture"
# Final link: the chain (and its block action) only fires for scores above 20.
SecRule TX:1 "@gt 20"

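# Remove from Dynamic Whitelist - unset the "allowed" variable for the given IP.
# Admin endpoint: the chain only completes when the connection comes from 127.0.0.1;
# "deny,status:200" then answers the request without passing it on.
# NOTE(review): if a reverse proxy on this same host fronts the server, every
# request arrives with REMOTE_ADDR 127.0.0.1 and this guard restricts nothing -
# confirm where the proxy runs before relying on it.
# NOTE(review): "nolog" means changes to the list leave no audit record.
SecRule REQUEST_FILENAME "^/ip/remove$" "chain,phase:1,t:none,deny,nolog,status:200,id:3000000"
    # Exact string comparison; the earlier regex left its dots unescaped.
    SecRule REMOTE_ADDR "@streq 127.0.0.1" "chain,t:none"
    # Anchored at both ends so the collection key is exactly one dotted quad.
    # Without the trailing $ any text after the address became part of the key.
    SecRule ARGS:ip "^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$" "t:none,initcol:ip=%{args.ip},setvar:!ip.allowed"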

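# Add to Dynamic Whitelist - ip.allowed is set to 1 for the given IP.
# Admin endpoint: the chain only completes when the connection comes from 127.0.0.1.
# NOTE(review): a whitelisted address later has the rule engine switched off for
# its requests (rule 3000007), so this endpoint is as sensitive as the WAF itself.
# If a reverse proxy on this same host fronts the server, REMOTE_ADDR is always
# 127.0.0.1 and this guard restricts nothing - confirm where the proxy runs.
SecRule REQUEST_FILENAME "^/ip/whitelist$" "chain,phase:1,t:none,deny,nolog,status:200,id:3000001"
    # Exact string comparison; the earlier regex left its dots unescaped.
    SecRule REMOTE_ADDR "@streq 127.0.0.1" "chain,t:none"
    # Anchored at both ends so the collection key is exactly one dotted quad.
    SecRule ARGS:ip "^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$" "t:none,initcol:ip=%{args.ip},setvar:ip.allowed=1"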

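# Add to Dynamic Blacklist - ip.allowed is set to 2 for the given IP.
# Admin endpoint: the chain only completes when the connection comes from 127.0.0.1.
# NOTE(review): if a reverse proxy on this same host fronts the server, REMOTE_ADDR
# is always 127.0.0.1 and anyone could blacklist arbitrary addresses through this
# endpoint - confirm where the proxy runs.
SecRule REQUEST_FILENAME "^/ip/blacklist$" "chain,phase:1,t:none,deny,nolog,status:200,id:3000002"
    # Exact string comparison; the earlier regex left its dots unescaped.
    SecRule REMOTE_ADDR "@streq 127.0.0.1" "chain,t:none"
    # Anchored at both ends so the collection key is exactly one dotted quad.
    SecRule ARGS:ip "^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$" "t:none,initcol:ip=%{args.ip},setvar:ip.allowed=2"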

# Allow any request from localhost and switch the rule engine off for it.
# NOTE(review): this matches on REMOTE_ADDR, i.e. the TCP peer. If a reverse proxy
# on this same host fronts the server, every request matches here and none of the
# rules below (whitelist, blacklist, rate limit) are evaluated - confirm the
# deployment before keeping this rule ahead of them.
# NOTE(review): the dots in the pattern are unescaped, so each matches any character.
SecRule REMOTE_ADDR "^127.0.0.1$" "phase:1,t:none,allow,nolog,ctl:ruleEngine=off,id:3000003"

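# Initialize the IP collection from the client address: X-Forwarded-For when the
# request arrives through the trusted proxy, otherwise REMOTE_ADDR.
#
# X-Forwarded-For is a request header, so any client can send whatever value it
# likes. Accepting it from arbitrary peers would let a client present a
# whitelisted address (rule 3000007 then turns the rule engine off), change the
# value on every request to stay under the rate limit, or get another address
# counted or blocked in its place. The header is therefore only honoured when the
# TCP peer is the proxy itself. Replace YOUR_PROXY_IP with the proxy's address or
# CIDR range.
SecRule REMOTE_ADDR "@ipMatch YOUR_PROXY_IP" "chain,phase:1,t:none,pass,nolog,id:3000004"
    # Take the LAST address in the header: that is the entry appended by the
    # trusted proxy. Entries to its left were supplied by the client.
    SecRule REQUEST_HEADERS:X-Forwarded-For "(?:^|[\s,])(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s*$" "t:none,capture,setvar:tx.client_ip=%{tx.1}"
# No trusted forwarded address was found: fall back to the TCP peer address.
SecRule &TX:CLIENT_IP "@eq 0" "phase:1,t:none,pass,nolog,setvar:tx.client_ip=%{REMOTE_ADDR},id:3000005"
# tx.client_ip is always set by now; key the persistent IP collection on it.
# NOTE(review): only IPv4 dotted quads are recognised in the header, so an IPv6
# client behind the proxy ends up keyed on the proxy's own address.
SecRule &TX:CLIENT_IP "!@eq 0" "phase:1,t:none,pass,nolog,initcol:ip=%{tx.client_ip},id:3000006"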

# Process Dynamic Whitelist & Blacklist
# Allow if IP is present in Dynamic Whitelist (ip.allowed == 1); the rule engine
# is switched off for the rest of the transaction.
# NOTE(review): the IP collection is keyed on tx.client_ip, which can come from
# X-Forwarded-For. Unless that header is only accepted from a trusted proxy, a
# client can claim a whitelisted address and have every later rule skipped.
SecRule IP:ALLOWED "@eq 1" "phase:1,t:none,allow,nolog,ctl:ruleEngine=off,id:3000007"

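# Drop if IP is present in Dynamic Blacklist (ip.allowed == 2) and log the match.
# id added: ModSecurity 2.7 and later refuse to load a rule without one, and
# 3000008 fills the gap left in this file's numbering.
SecRule IP:ALLOWED "@eq 2" "phase:1,t:none,drop,log,logdata:'Dynamic Blacklist',id:3000008"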

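# Else rate limit the connection.
#
# These are independent rules, not a chain. ModSecurity 2.x accepts phase, id and
# disruptive actions only on the rule that starts a chain, and a trailing "chain"
# with no rule after it is incomplete, so the chained form could not load.
#
# The IP collection is already initialised by rule 3000006, keyed on
# tx.client_ip. It is not re-initialised from REMOTE_ADDR here, so the
# whitelist, blacklist and rate limit all act on the same address.

# Phase 5 (logging): let the counter decay by 1 every second.
SecAction "phase:5,deprecatevar:ip.ratelimitcounter=1/1,pass,nolog,id:3000009"

# Over 100 outstanding requests: answer 429 and flag the response for Retry-After.
# skip:1 keeps the increment below from running for a request that was limited.
# NOTE(review): pause:500 holds a server worker for half a second per limited
# request; under a high-volume flood that ties up workers, so consider removing it.
# NOTE(review): nolog hides rate-limit hits from the logs; logging them would make
# abusive clients visible.
SecRule IP:RATELIMITCOUNTER "@gt 100" "phase:2,pause:500,deny,status:429,setenv:RATELIMITED,skip:1,nolog,id:3000010"

# Otherwise count this request against the client's address.
SecAction "phase:2,pass,setvar:ip.ratelimitcounter=+1,nolog,id:3000011"

# mod_headers: tell limited clients when to retry.
Header always set Retry-After "10" env=RATELIMITED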