
Restrict access to web directory using acl

0 votes
0 answers
112 views
The requirement is to allow a specific user (e.g. someuser) full access to a directory (e.g. /var/www/html/someproject) via SSH/SFTP, but not allow browsing anywhere else. Is it possible using only ACL?

I tried setting ACL like this:
setfacl -m u:someuser:--- /*  # no access to directories under root
setfacl -m u:someuser:x /var
setfacl -m u:someuser:x /var/www
setfacl -m u:someuser:x /var/www/html
setfacl -R -m u:someuser:rwx /var/www/html/someproject
But then SFTP would fail to connect with error:
Cannot initialize SFTP protocol. Is the host running an SFTP server?
Allowing access to some of the directories under root (e.g. /etc) fixes this, but then browsing in these directories would be allowed.
Asked by Arn (1 rep)
Jan 5, 2023, 07:13 AM
Last activity: Jan 5, 2023, 07:33 AM
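
To check what the entries in the question actually grant on each directory, the following is an added example (not part of the original question) that evaluates `getfacl` output for one user, applying the ACL mask to the named-user entry. The function names and the sample listing are constructed for illustration, and the sketch assumes the user matches no group entry.

```shell
# acl_report USER: read `getfacl -p` text on stdin, print "path perms" per file.
# Assumption: USER matches no group entry; only owner, named-user, other apply.
acl_report() {
    awk -v user="$1" '
    function masked(p, m,   i, out) {   # named-user entry limited by the mask
        for (i = 1; i <= 3; i++)
            out = out ((substr(m, i, 1) == "-") ? "-" : substr(p, i, 1))
        return out
    }
    function emit() {
        if (file == "") return
        perm = (user == owner) ? base["user"] : ((entry != "") ? masked(entry, base["mask"]) : base["other"])
        print file, perm
        file = owner = entry = ""; split("", base)
    }
    /^# file: /  { emit(); file = substr($0, 9) }
    /^# owner: / { owner = $3 }
    /^[a-z]+:/ {
        sub(/[ \t]*#.*/, "")            # drop the "#effective:" annotation
        split($0, f, ":")
        if (f[1] == "user" && f[2] == user) entry = f[3]
        else if (f[2] == "")            base[f[1]] = f[3]
    }
    END { emit() }'
}
acl_no_traverse() { acl_report "$1" | awk '$2 !~ /x$/ { print $1 }'; }  # no x bit
# Constructed sample in getfacl format (group lines trimmed); not from the page.
sample_getfacl() { cat <<'EOF'
# file: /etc
# owner: root
user::rwx
user:someuser:---
mask::r-x
other::r-x

# file: /var
# owner: root
user::rwx
user:someuser:--x
mask::r-x
other::r-x

# file: /var/www/html/someproject
# owner: root
user::rwx
user:someuser:rwx    #effective:r-x
mask::r-x
other::r-x
EOF
}
```

On a live system the input would come from something like `getfacl -p /etc /var /var/www/html/someproject | acl_report someuser`. The last sample record shows a mask of `r-x` cutting a `rwx` entry down to `r-x`, which is worth checking after any `chmod` on the project directory.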