You wrote
Duplication across multiple app layers would arguably be even worse than duplication of a regex string in one SQL script.
which I see differently. How bad some duplication is, does not so much depend on the layer where it happens, it depends on what kind of logic exactly is duplicated. But give me a little bit of space to explain this.
Before automatically assuming that any kind of logic duplication must be eliminated, you should first ask yourself what you're actually trying to achieve with it. Certain forms of duplication are perfectly tolerable, others are not. The DRY principle isn't an end in itself, it is a means to an end, and especially across layers following DRY without further considerations may lead to a worse architecture than accepting some duplication.
The goal of not duplicating logic is to avoid bugs which can occur by duplicated logic getting accidentally out of sync. Still, when it comes to validation logic in frontend and backend, non-identical validations do not necessarily introduce bugs. Validation logic in the frontend has mainly the purpose of speeding up the application's UI so the user does not have to wait for a server response for each and every key stroke. But as long as the frontend's validations are not stricter than those of the backend, the worst thing which will happen is that the user gets a later response about a piece of data which is malformed or inconsistent. Backend validation, however, should be the higher authority - it should contain all checks which are necessary to prevent the main business logic to malfunction. So when validation logic is maintained and extended, the focus for correctness should be on the backend, following the mantra "make things right, then make things fast - in that order".
Moreover, having the same logic in two places (even in different layers) is much more acceptable when the logic is not overly complicated and changes rarely, maybe only every few months or years, and not at run time. To make this more clear, let us look at your dynamic parameter example. In this validation and its implementation I spot mainly three different types of logic:
The logic which data type each parameters has. For example, SERVERPATH shall be a parameter of the type "URL".
The rules how the content of a text field has to be formed to represent a specific data type (like the format description of a valid URL, as it is written down in RFC 1738 - independent from a specific implementation).
Finally,there is also the logic which connects the type formatting rules to a certain regex (which can be regex engine specific).
For (1), since the parameter definitions change dynamically at run time, there should definitely be a single source of truth. Having the frontend and the backend a different "opinion" about what parameter is a URL, or a date/time, or a an integer, has a high risk to lead to bugs. So a single parameter table which the frontend as well as the backend both use as a reference is a sensible approach.
For (2), the rules how certain data types have to look like when entered at a UI are relatively stable. As long as your frontend and your backend uses mainly standard data types like integers, strings of certain length, float values or calendar dates, it is perfectly acceptable to have two implementations for each of those type validations, one at the backend in its programming language, and one at the frontend in its - probably different - language. You won't introduce a maintenance headache this way, since all popular high level programming languages provide means for a simple implementation of such type checks. Even the rules for standard URLs are pretty stable (as long as you don't need to validate specifics like which top level domains or protocols are allowed, or whether the URLs are on some blacklist). This means, your idea of having a specific type field instead of a regex may require a duplicated type check implementation on frontend and backend. But that's an acceptable one, as long as you don't need a long, dynamic list of exotic data types.
(3), the idea of mapping every parameter directly to a regex (without having the abstraction of a type in between) is a half-baked approach to avoid similar code for the necessary type checks in (2). Unfortunately, this comes with its own hassles. As you have written by yourself, duplicating the same regex for the same data type over and over again is not the best idea. Though the rules how a general data type has to look like are mostly stable, having the rule how to map this to a regex a few dozen times in your system can introduce long-term maintenance issues. One can resolve this by using two tables: one type table listing the allowed types and their regexes, and a parameter table which refers to this type table. As Arseni has already explained, you may need not just one regex, but two different ones (one for the frontend and one for the backend).
But there are more problems. What if your application wants to support localized input and adapt the validations dynamically (for example, which decimal separator has to be used for a floating point number, or how dates are formatted)? A static regex is obviously not enough for this case, you may need either localized regexes or a dynamic regex creation, maybe with some template mechanic. What you typically want here is a frontend which behaves (and validates) localized, but converts data to a region-agnostic format before transferring it to the backend. This requires far more than a simple descriptive regex.
So in short:
Yes, using specific types instead of just one regex per parameter is definitely the more robust approach, and it will allow validations (and maybe conversion according to local settings) for which a static regex isn't enough. Using specific code for each of the types in frontend and backend produces some duplication, but this is often an acceptable form of duplication, at least for a small fixed number of types.
When there is a requirement to allow the users of your system introduce their own user-defined types, with the idea of regexes for validation of these types, I would recommend to make this an additional feature, to a list of predefined, maybe localizable data types. Still, you should check whether your frontend and backend can process the regexes by using the same underlying regex engine. Another approach could be to use a simplified pattern description, or a simplified common regex subset. Another approach could be to rely only on backend validation for these special types, given they occur seldom enough that its acceptable for the user for not getting immediate failure response during typing. As a last resort, you may let the user specify two different regexes, one for the frontend and one for the backend.