Well.. This should pretty simple then.. From your Firewall, you should be able to block port 443 or 80 (81 for ePolicy Orchestrator) and only allow from specific machines..
Have you seen this app? I saw this over at http://pricelessware.org
It is very cool when trying to diagnose packets across the Internet..
http://www.ethereal.com/
Otherwise, you may have to get into your hub/switch and watch packets.. So let's see if we can wrap this up in a nutshell.. You want to only allow one or two systems to be webservers and log any others and then turn off the ones you don't want. This is probably being driven by a security audit.
Why not log the services started from each machine? Then the rest becomes pretty simple..
Kent
