Is this thread really "on-topic" for HAProxy? Attempts to mitigate Log4Shell at HAProxy level to me feel similar to.. looking at a leaking roof of a house and thinking "I should put an umbrella above it, so the leak isn't hit by rain". Generally, it might work, but it's not something that you can expect to hold up in the long run, and it's not something construction folks would advise.
So just patch/update your vulnerable applications; and where vendors provide mitigation steps - apply those instead. -- Valters Jansons
