Don’t use SNI. Use the host header.
acl www-acl hdr_dom(host) dr-www.totalflood.com
acl xml-acl hdr_dom(host) dr-xml.totalflood.com
If you want to use SNI (you don’t), then the docuementation clarifies how:
req_ssl_sni: Returns a string containing the value of the Server Name TLS extension sent by a client in a TLS stream passing through the request buffer if the buffer contains data that parse as a complete SSL (v3 or superior) client hello message. Note that this only applies to raw contents found in the request buffer and not to contents deciphered via an SSL data layer, so this will not work with “bind” lines having the “ssl” option.
So in your configuration (terminating SSL), you’d need to access SNI with ssl_fc_sni and not with req_ssl_sni.
HOWEVER using SNI here is completely useless and will lead to other issues. Stop using SNI and use the Host header instead. The host header should always be used whenever possible.