You should put the access list on the interface of the FWSM which is connected to the server, in the inbound direction. This will block all connection attempts to the server from the outside. However, the server will still be listening on port 80 if a web server or HTTP server is running on it. Disable the HTTP server or block port 80 manually on the server to stop the server from listening on port 80.