You would block access on a network level via a firewall such as the inbuilt one in windows.
The white list of origin hosts control which hosts are able to open a websocket socket connection, so for example if your reverse proxy is available on host.com then you would need host.com as a whitelist entry to allow websocket connections from that hosts.
I would not rely on that as a security defense however as the origin host is very easy to spoof.
Instead lock it down on network level as the docs suggest. Since we don't have server licensing you can spin up a separate node that is allowed communication from inside the network.