It was not exactly what I meant.
Example, i have my production apache server running very well.
Another person start a new apache server whithout authorization, so the jboss will accept requisitions from both.
The idea is, configure the ajp connector to accpet connections only from known apache servers.
In that case, you should consider some firewall configuration (iptables on linux) to control network traffic access to your JBoss instance.