Ideally it's only necessary transmit about 1 frame per minute for each half-open connection, but you're right, I found one site, India's rail operator IRCTC that still blocked this traffic very quickly.

In a reverse proxy scenario, you would trigger your own IDS, so you can probably configure it appropriately...