You can protect your OpenMeetings instance from beeing accessed from 3th party by setting up RemoteAddrValve

Here $OM_HOME/conf/server.xml (will affect the whole Tomcat)

Or here $OM_HOME/webapps/openmeetings/META-INF/context.xml

Please check Tomcat documentation for more details Docs about context, Docs about RemoteAddrValve

For example: To allow access only for the clients connecting from localhost:

<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>