The ASA denies traffic by default from a low security level to a high security level if you don't have static NAT between the 2 interfaces and if you have no ACL on the low security level interface to allow the access.
However, if you have both, then it will allow access. The requirement to access a high security subnet from a low security subnet is to have a static NAT statement as well as an ACL to permit the traffic, applied to the low security level interface.
If you already have both configured, and you would like to deny access to the INSIDE subnet, then you have to configure an ACL to deny that traffic, and make sure that it is above the "permit ip any any" rule.
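
The ordering requirement above can be checked offline against a saved configuration. The following is an added example, not part of the original answer: a small Python audit that evaluates ASA extended ACL entries top-down and reports deny entries placed below a permit that already covers them. The ACL name `DMZ_IN`, the subnets and the function names are assumptions, and only entries without port operators or object-groups are handled.

```python
import ipaddress

# Constructed sample: the deny toward the INSIDE subnet was appended below the
# catch-all permit. ACL name and subnets are assumptions for illustration.
SAMPLE_ACL = """\
access-list DMZ_IN extended permit ip any any
access-list DMZ_IN extended deny ip 192.168.50.0 255.255.255.0 10.10.10.0 255.255.255.0
"""

def _net(tokens):
    """Consume one ASA address spec: 'any', 'host A', or 'A MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_acl(text):
    """Return [(action, proto, src_net, dst_net, line)] in configured order."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[2] != "extended":
            continue
        src, rest = _net(t[5:])
        dst, _ = _net(rest)
        rules.append((t[3], t[4], src, dst, line.strip()))
    return rules

def first_match(rules, src_ip, dst_ip):
    """Entries are evaluated top-down; the first matching entry decides."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, _proto, src, dst, _line in rules:
        if s in src and d in dst:
            return action
    return "deny"  # implicit deny at the end of every ACL

def shadowed_denies(rules):
    """Deny entries that never match because an earlier permit covers them."""
    hits = []
    for i, (action, proto, src, dst, line) in enumerate(rules):
        if action != "deny":
            continue
        for p_action, p_proto, p_src, p_dst, _ in rules[:i]:
            if (p_action == "permit" and p_proto in ("ip", proto)
                    and src.subnet_of(p_src) and dst.subnet_of(p_dst)):
                hits.append(line)
                break
    return hits
```

On the sample, `shadowed_denies(parse_acl(SAMPLE_ACL))` returns the deny line, and with the two entries swapped it returns an empty list.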