First of all it doesn’t make a lot of sense to block IP’s on a intermediate proxy. I would strongly suggest to block bad source IPs at the edge proxy that actually sees the client. Otherwise you will just block your own proxy, and you may self-DDoS yourself with this, as the edge proxy may retry or failover to another backend. This is especially true for “tcp-request *”.
Also see this guy’s problem:
Oh wait, that’s actually you. Here we go, we found the root cause for that issue as well 
So, move your IP/abuse protection to the edge proxy. If you cannot do this, then use an layer 7 rejection, with “http-request deny”.