Set up firewall rules to only allow your internal systems and block everything else.
Of course this depends on your internal IP address management, but e.g. allowing RFC1918 addresses would be the easiest option. Stripping it down to only these systems that particular endpoint should be able to reach would of course be even more favourable. 😉