This collection should show how haproxy can be configured to block log4shell attacks using regex.
The method described here should be viewed as an alternative to the "official" solution:
December/2021 – CVE-2021-44228: Log4Shell Remote Code Execution Mitigation
The main problem is that attackers may obfuscate the attack string in a way that it is very difficult or impossible to detect by regex. Using a WAF is a better way to deal with the issue.
There is a tool to create randomly obfuscated attack strings. It could be used by an administrator to test the robustness of blocking rules:
log4j-payload-generator