I believe using "ExpandPath" could be an alternative... and yes, you would have to create a mapping for each host. Are you using session variables to validate whether or not the requester is authorized; something you could check (probably in the application.cfc) before accessing the component?
... View more