You are doing the policy incorrectly
Look
Withyour policy you are allowing http access to all the internal servers
dns access to all internal servers and also https access to all internal servers
The rule should be like this
Let say your internal networks are
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
all access deny to 192.168.1.0/24
all access deny to 192.168.2.0/24
all access deny to 192.168.3.0/24
all access allow dns to all destination
all access allow http to all destination
all access allow https to all destination
That if you just want to allow access to http https and dns to the internet
Now remenber that if you got a webfilter and the ip address of the AP is the one that you need to use.... i dont know if you understand this part?
You need to use the IP addresses of the APs to use the webfilter correctly.