You can use a valve for restricting acces to a particular IP,network,domain..

in your contex add something like:

substitute 127.0.0.1 with a convenient ip or domain
hope this helps.
bye

You can try testing the value returned by request.getHeader("Referer"). However, you are relying on the client's browser sending this information, and it is not reliable. I am using Mozilla and it doesn't appear to send this header at all. Even if it is sent by the browser, you have no guarantee that it is accurate, and I suspect that different browsers may send the results in slightly different formats anyway.

Another approach (if you have control over the link on the other page) would be to change the link to include a parameter that you can test.

If you have total control over the referring site, you could create a token of some sort on the first site, hold it on the server and then forward to the second site. That could then query the first server directly to see if the token is present.

Not very helpful, I know, but http is really supposed to be "stateless", so each request is unrelated to the previous. Cookies get around this as long as everything is on the same server.