On your edge routers you can deploy ACLs to allow for example only http and https, but if your users need to use other port/protocols, you would need to allow these as well.
Have a look at this link for examples;
http://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html
HTH