As a security administrator, you are required to refine the network access controls. A server with the IP 10.2.3.4 must only respond to incoming HTTP requests from the accounting department's subnet, which is 172.16.28.0/22. Additionally, to follow a least privilege principle, the server should not respond to any other protocols or network requests. How should the ACL be configured on the perimeter firewall to fulfill this requirement?
access-list 101 permit tcp 172.16.28.0 0.0.3.255 host 10.2.3.4 neq 80
access-list 101 permit tcp 172.16.28.0 0.0.3.255 host 10.2.3.4 eq 80 access-list 101 deny ip any any
access-list 101 permit ip 172.16.28.0 0.0.3.255 host 10.2.3.4
access-list 101 permit udp 172.16.28.0 0.0.3.255 host 10.2.3.4 eq 80