Simplification is not always possible. You must use the tools at hand. Reading the article you linked to everything seemed pretty straightforward to me. A feature like rate limiting can only be simplified so much.
That said, look into using stunnel for your SSL decryption. There is a patch that will allow it to implement the PROXY protocol. HAProxy can then securely receive the client IP address from stunnel without the worry of spoofed X-Forwarded-For headers. http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt I use this method and it works great. With that out of the way, you can continue to deal with HTTP traffic in haproxy, rather than focusing on simplification, focus instead on documentation.
