This is a corner case we did not take in consideration (yet), each service must be adapted to make visible the real IP in your reverse proxy, else fail2ban will ban the proxy 
We talked of this here : Fail2ban and webmail roundcube
After the IP of the attacker is made visible in log, we have to make a custom regex to catch the IP attacker. What is the most used scenario for proxy, apache I wonder.