You are correct, the acl is ignored, because it is checking for HTTP headers while your client is speaking a completely different protocol.
In order to achieve what I think you’re trying to achieve, I would use something like this instead: listen mysql-db1
bind 0.0.0.0:3307
mode tcp
server db1 172.17.2.111:3306 check
server db2 172.17.2.112:3306 check backup
listen mysql-db2
bind 0.0.0.0:3308
mode tcp
server db1 172.17.2.111:3306 check backup
server db2 172.17.2.112:3306 check
… and then you connect to db2 with this command:
mysql -h name.example.com -P 3308 -uxxx -pxxx
So, basically you have HAProxy listening on 2 different TCP ports and you tell the client to connect to the preferred backend servers port (instead of using 2 separate DNS names like in your example), but will get connected to the other backend in case the preferred one is down.