When a client connects to an application, the server creates a Client object that contains information about the client and passes it to the application.onConnect() handler in Server-Side ActionScript. You can write server-side code to access the properties of the Client object and use the values to verify the validity of the connecting client:

application.onConnect = function( pClient ) {
    for (var i in pClient) {
        trace( "key: " + i + ", value: " + pClient[i] );
    }
}

Check the client's IP address

 In main.asc, check the value of client.ip and, if needed, reject the client's connection to the application:

if (client.ip.indexOf("60.120") !=0) {
    application.rejectConnection(client, {"Access Denied"} );
}

Check an originating URL

 In main.asc, check the value of client.referrer against a list of URLs that should be denied access. Make sure that SWF files that are connecting to your application are coming from a location you expect. If you find a match, reject the client's connection:

referrerList = {};
referrerList["http://www.example.com"] = true;
referrerList["http://www.abc.com"] = true;

if (!referrerList[client.referrer]) {
    application.rejectConnection(client, {"Access Denied"} );
}