Help building an ACL

Hi am looking for help on build an ACL for a frontend
I have been looking through google for about a hour for examples to help me understand how to build ACL’s for rejecting requests.

my requirements are that clients present and SNI and http 1.1 and host header else reject the request by the front end. as I need SNI for issuing the correct cert and http 1.1 host header for the backend servers.

is there a page where I can get a noobs guide ?