Why do you want to return a 500 error and not a 403 forbidden?
If you control the firewall this server is behind, dropping the offending IP address there might be easier. Or, you could use iptables on the server itself and drop the IP addresses there without having to bother with Discourse’s configuration—just add a rule onto the input chain, substituting the address or CIDR range you want to block in place of “220.127.116.11”:
iptables -A INPUT -s 18.104.22.168 -j DROP
IMO, if you’re not going to use Discourse’s built-in IP address blacklisting, it’s better to do this kind of thing outside of the Discourse docker container. You get more control and you don’t have to screw with the base DIscourse configuration in ways that might conflict with the DIscourse team’s future developments.