HTTPS is encrypted. That means you cannot access it’s contents, unless you decrypt it first.
I may not be able to but HAProxy should since it usually decrypts the stuff. Otherwise how can HAProxy see the methods, hostnames, paths and other stuff supplied by the client?
You yourself have said stuff like: ( PROPFIND - http-request deny unless METH_GET - #2 by lukastribus ):
acl METH_PROPFIND method PROPFIND
So how would HAProxy know the method is PROPFIND and not SSTP_DUPLEX_POST if it doesn’t decrypt stuff?