Score:0

Fail2ban Filter Regexp

I'm using CentOS 8 + fail2ban + haproxy.

I have a special jail "my-haproxy404" with these settings:

[my-haproxy404]
enabled  = true
port     = http,https
filter   = my-haproxy404
logpath  = /var/log/my-haproxy.log
backend  = poller
journalmatch =
maxretry = 3
bantime  = 86400
findtime  = 3600

and the filter:

[Definition]
failregex = .*:<HOST>(?::\d+)?\s+.*\d* 404

My example log line is:

Sep 19 14:38:21 localhost haproxy[53925]: 77.77.77.77:55763 [19/Sep/2021:14:38:21.483] backend1 line1/test1 0/0/12/88/100 404 687 - - ---- 1/1/0/0/0 0/0 "GET /test/string HTTP/1.1"

So... maybe this is working, but in fail2ban.log I see an IP like:

INFO    [my-haproxy404] Found 0.0.217.211 - 2021-09-19 14:38:21

This is not the real IP (the real IP is 77.77.77.77). fail2ban blocks this IP (0.0.217.211), but 77.77.77.77 is still working.

I know I have a problem with the regexp.

Can you help me with the correct regexp rule for this 404 string?

Sep 19 14:38:21 localhost haproxy[53925]: 77.77.77.77:55763 [19/Sep/2021:14:38:21.483] backend1 line1/test1 0/0/12/88/100 404

Regards

Score:0
failregex = ^\s*\S+ haproxy\[\d+\]: <ADDR>:\d+(?: \[[^\]]+\])? \S+ \S+ \d+(?:/\d+)+ 404\b

You could also replace 404\b with (?!401)[45]\d\d\b to match any "bad" code 4xx and 5xx except 401 (one needs some prerequisites to handle authorization handshakes properly, and there is a filter haproxy-http-auth which can be used for that).
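
An added example (not from the question or the answer) that replays both filters over the log line with Python's `re`: the original regex captures the client port as the host, and 55763 read as a single 32-bit number is exactly the 0.0.217.211 seen in fail2ban.log. The `HOST` and `ADDR` patterns are simplified IPv4-only stand-ins for fail2ban's tags, and the sample lines are constructed with the leading syslog timestamp already removed.

```python
import ipaddress
import re

# Simplified stand-ins for fail2ban's tags (assumptions for this sketch; the
# real tags also cover IPv6): <HOST> accepts hostnames, <ADDR> only addresses.
HOST = r"(?P<host>[\w\-.^_]*\w)"
ADDR = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

ORIGINAL = r".*:<HOST>(?::\d+)?\s+.*\d* 404"
FIXED = (r"^\s*\S+ haproxy\[\d+\]: <ADDR>:\d+(?: \[[^\]]+\])? "
         r"\S+ \S+ \d+(?:/\d+)+ 404\b")
# Variant from the answer: any 4xx/5xx status except 401
ANY_BAD = FIXED.replace(r"404\b", r"(?!401)[45]\d\d\b")


def compile_filter(failregex):
    """Expand the tag stand-ins and compile the failregex."""
    return re.compile(failregex.replace("<HOST>", HOST).replace("<ADDR>", ADDR))


def captured_host(failregex, line):
    """Return what the filter would report as the offending host, or None."""
    m = compile_filter(failregex).search(line)
    return m.group("host") if m else None


def numeric_host_as_ipv4(host):
    """A bare decimal 'hostname' read as one 32-bit IPv4 address."""
    return str(ipaddress.IPv4Address(int(host)))


def sample(status, client="77.77.77.77:55763"):
    # Constructed line modelled on the question's log, syslog timestamp removed
    return (f" localhost haproxy[53925]: {client} [19/Sep/2021:14:38:21.483] "
            f"backend1 line1/test1 0/0/12/88/100 {status} 687 - - ---- "
            f'1/1/0/0/0 0/0 "GET /test/string HTTP/1.1"')


if __name__ == "__main__":
    line = sample(404)
    bad = captured_host(ORIGINAL, line)
    print("original captures:", bad, "->", numeric_host_as_ipv4(bad))
    print("fixed captures:   ", captured_host(FIXED, line))
    for status in (200, 401, 403, 503):
        print(status, "->", captured_host(ANY_BAD, sample(status)))
```

The greedy `.*:` backtracks to the colon between address and port, which is why anchoring the pattern and using an address-only tag before `:\d+` bans the right client.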
