diff --git a/paws/values.yaml b/paws/values.yaml
index 25c8ee47..7c08edc1 100644
--- a/paws/values.yaml
+++ b/paws/values.yaml
@@ -299,7 +299,16 @@ jupyterhub:
       REFINE_DOMAIN: "*"  # Check jupyterhub.ingress.hosts
     networkPolicy:
       egressAllowRules:
-        privateIPs: true  # needed for access to replicas
+        privateIPs: true  # Allow connections to private IPs, needed for access to replicas
+        nonPrivateIPs: false # Block connections to non-private IPs, except the ones allowed below
+      egress:
+        - to:
+          # Allow connections to non-private IPs only for TCP ports 80 and 443
+          - ports:
+            - protocol: TCP
+              port: 80
+            - protocol: TCP
+              port: 443
 # mysql configures the wiki replica backend variables
 mysql:
   domain: "svc.cluster.local"