Use case: You have a dispatcher in front of author instance and you want everyone to access author through dispatcher.
Approach1: You can have your author in a DMZ or behind the firewall and open firewall port for only dispatcher.
modify server.xml under /crx-quickstart/server/etc/ and add following entry
<ip-address><IP address you want to deny></ip-address>
<ip-address><IP you want to allow></ip-address>
See server_3_0.dtd for details of tags.
You can also use dispatcher.any file to allow specific IP