Pls, Suggest me to writting allowlist url domain (https), I try to test but it doesn't work

Hi, All
I wanna to allow only “ or” only otherwise traffic as tcp/http i will be dropped them all.
I’ve written suricata rules set as following

pass tls [,] any → $EXTERNAL_NET 443 (tls.sni; dotprefix; content:“”; nocase; endswith; msg:“TLS Allowlisted access to”; flow:to_server, established; sid:1; rev:1;)

drop tcp [,] any → $EXTERNAL_NET any (msg:“Not matching any TLS allowlisted FQDNs”; flow:to_server, established; sid:2; rev:1;)

Pls, recommended me with Thanks.

With dotprefix you may not need the leading dot in the content, right ?

Another point : I am not sure this logic works because you may drop the tcp syn packet to 443 before you know the tls sni