Updating a file and reloading, like you suggest, or:
Updating a file (so that future reload/restarts have uptodate data), but instead of reloading haproxy you can add or remove entries via the admin socket:
https://cbonte.github.io/haproxy-dconv/2.2/management.html#9.3-add%20acl
When you run out of RAM.
Blocking them in iptables (with ipsets) or the equivalent in nftables is probably even more efficient.