This question is old, but in case anyone runs into this problem:
Your problem comes from the fact that tcp-request content
runs before HAProxy has had time to receive/read any layer 7 data.
How do you fix that?
Easy: add a tcp-request inspect-delay:
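    listen http 0.0.0.0:80
        # Wait up to 15s for layer 7 data before the content rules give a final verdict
        tcp-request inspect-delay 15s
        # Match any User-Agent containing a substring listed in the file
        acl abuser hdr_sub(user-agent) -f /etc/haproxy/abuser.lst
        tcp-request content reject if abuser
        mode http
        server www1 127.0.0.1:8080 maxconn 10000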
Here is the important part about this in the HAProxy documentation:
Note that when performing content inspection, haproxy will evaluate the whole rules for every new chunk which gets in, taking into account the fact that those data are partial. If no rule matches before the aforementioned delay, a last check is performed upon expiration, this time considering that the contents are definitive. If no delay is set, haproxy will not wait at all and will immediately apply a verdict based on the available information. Obviously this is unlikely to be very useful and might even be racy, so such setups are not recommended.
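The evaluation loop that the quoted documentation describes, as an added example (a simplified Python model, not HAProxy's code and not part of the original answer). The `BadBot` list entry, the sample requests and the arrival times are constructed assumptions.

```python
ABUSERS = ["BadBot"]  # constructed stand-in for the entries of abuser.lst

def abuser_acl(buf, final):
    """Model of hdr_sub(user-agent): True/False when decidable, None if more data is needed."""
    if b"\r\n\r\n" not in buf:
        # Headers incomplete: undecided while partial, no match once contents are definitive.
        return False if final else None
    head = buf.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "user-agent":
            return any(s in value for s in ABUSERS)
    return False

def verdict(chunks, inspect_delay=0.0):
    """Apply the single rule 'tcp-request content reject if abuser'.
    chunks: list of (arrival_time_s, bytes). Returns (verdict, decision_time_s)."""
    buf = b""
    for t, data in sorted(chunks):
        if t > inspect_delay:
            break  # arrived after the inspection window closed
        buf += data
        result = abuser_acl(buf, final=False)  # re-evaluated on every new chunk
        if result is True:
            return ("reject", t)
        if result is False:
            return ("accept", t)  # rule cannot match; no rule left, default accept
    # Window expired (or no delay at all): last check, contents taken as definitive.
    last = abuser_acl(buf, final=True)
    return ("reject" if last else "accept", inspect_delay)

# Constructed sample traffic: one request split across two TCP segments.
BOT = [(0.01, b"GET / HTTP/1.1\r\nHost: example.test\r\n"),
       (0.05, b"User-Agent: BadBot/1.0\r\n\r\n")]
BROWSER = [(0.01, b"GET / HTTP/1.1\r\nHost: example.test\r\n"),
           (0.05, b"User-Agent: Mozilla/5.0\r\n\r\n")]
STALLED = [(0.01, b"GET / HTTP/1.1\r\nHost: example.test\r\n")]  # headers never finish

if __name__ == "__main__":
    for name, conn in (("bot", BOT), ("browser", BROWSER), ("stalled", STALLED)):
        print(name, "no delay:", verdict(conn), "| 15s:", verdict(conn, 15.0))
```

In this model the delay is an upper bound: the verdict is reached as soon as the headers are complete, and only a connection whose headers never finish waits the full 15 seconds.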