traffic flow between IPI, application security policy, bot detection, DoS protection, irule, and geolocation

I want to know how the traffic flow between IPI, application security policy, bot detection, DoS protection, irule, and Geolocation (using irule for Geolocation).

I am using Global IPI (mean IPI does not attached to any VS) and have an irule for Geolocation and only have module ASM and LTM (No APM and AFM).

I understand that irule can be arranged by the order.

The application security policy, bot detection, DoS protection, irule are attached to VS.

Here is what I understand the traffic flow.

The traffic hits Global IPI -> reached VS for irules in order (including Geolocation, I always put Geolocation at first place) -> Application security policy -> DoS -> Bot detection.

Is this correct? Or will application security policy , Dos, Bot detection happen at the same time?

What is the best practice for Geolocation? Using an irule for Geolocation or using Geolocation in application security policy?