Example for HTTP:
ip access-list extended VLAN1-IN
permit tcp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 eq 80
deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
permit ip any any
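ip access-list extended VLAN2-IN
! Allow HTTP replies (ACK or RST set) back to VLAN 1; without this line the
! deny below also drops the return traffic of sessions permitted by VLAN1-IN
permit tcp 192.168.2.0 0.0.0.255 eq 80 192.168.1.0 0.0.0.255 established
deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip any any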
int vlan 1
ip access-group VLAN1-IN in
!
int vlan 2
ip access-group VLAN2-IN in
Reference:
You can look at the examples (reflexive ACL):
https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#reflexacl
If you want only TCP sessions, look at the example below (Allow Only Internal Networks to Initiate a TCP Session):
https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html
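
Added example, not part of the original post: a simplified first-match evaluator for the two SVI ACLs, showing how the inbound ACL on VLAN 2 treats the HTTP reply with and without an `established` permit, as in the linked "Allow Only Internal Networks to Initiate a TCP Session" sample. The rule tuples, packet dictionaries and host addresses are constructed for illustration, and the model checks only protocol, networks, TCP ports and the ACK/RST test.

```python
# Added example: first-match evaluation of the two SVI ACLs from the post.
# Simplified model (assumption): only protocol, src/dst network, TCP ports
# and the ACK/RST "established" test are checked.
from ipaddress import ip_address, ip_network

V1, V2, ANY = "192.168.1.0/24", "192.168.2.0/24", "0.0.0.0/0"

# Rule: (action, proto, src_net, src_port, dst_net, dst_port, established)
VLAN1_IN = [
    ("permit", "tcp", V1, None, V2, 80, False),
    ("deny", "ip", V1, None, V2, None, False),
    ("permit", "ip", ANY, None, ANY, None, False),
]
VLAN2_IN_STATELESS = [
    ("deny", "ip", V2, None, V1, None, False),
    ("permit", "ip", ANY, None, ANY, None, False),
]
# Variant with an 'established' permit for HTTP replies placed before the deny.
VLAN2_IN_ESTABLISHED = [("permit", "tcp", V2, 80, V1, None, True)] + VLAN2_IN_STATELESS


def evaluate(acl, pkt):
    """Return the action of the first matching rule; implicit deny at the end."""
    for action, proto, src, sport, dst, dport, est in acl:
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if ip_address(pkt["src"]) not in ip_network(src):
            continue
        if ip_address(pkt["dst"]) not in ip_network(dst):
            continue
        if sport is not None and pkt.get("sport") != sport:
            continue
        if dport is not None and pkt.get("dport") != dport:
            continue
        # 'established' matches only TCP segments with ACK or RST set.
        if est and not ({"ACK", "RST"} & set(pkt.get("flags", ()))):
            continue
        return action
    return "deny"


# Constructed sample packets: client 192.168.1.10, web server 192.168.2.20.
SYN = dict(proto="tcp", src="192.168.1.10", sport=50000, dst="192.168.2.20", dport=80, flags=["SYN"])
SYN_ACK = dict(proto="tcp", src="192.168.2.20", sport=80, dst="192.168.1.10", dport=50000, flags=["SYN", "ACK"])
NEW_FROM_V2 = dict(proto="tcp", src="192.168.2.20", sport=80, dst="192.168.1.10", dport=445, flags=["SYN"])

if __name__ == "__main__":
    for name, acl in (("stateless", VLAN2_IN_STATELESS), ("established", VLAN2_IN_ESTABLISHED)):
        print(name, evaluate(VLAN1_IN, SYN), evaluate(acl, SYN_ACK), evaluate(acl, NEW_FROM_V2))
```

The `established` keyword only inspects TCP flags and keeps no session state, which is why the post also points to reflexive ACLs.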