Thanks for the reminder, I had forgotten about that.
I'm still not sure that's a complete solution though... you don't really prevent access to the port, you just send an access denied message instead of serving the request. (But I don't know that much about web security, so maybe that really is sufficient.)
Not sure either. It depends on whether the Arc Server is secure/{not dumb} enough such that it won't be fooled by someone pretending to be from 127.0.0.1 , for example.
Couldn't you just make Apache or Linux firewall port 8080 so all attempts to access it from outside are blocked? (That said, I wouldn't know how to do that off the top of my head.)