Restricting Jetty Access to Server Only
I'd like to restrict Jetty access to the server itself only (CF2021). I need to do this because the port, 8993, is coming up on a security scan. I can't use Windows Firewall to block the port (it's complicated, but long story short, it's not an option).
I have found two places to do this, I think:
[cf]\cfusion\jetty\start.ini
## Connector host/address to bind to
# jetty.http.host=0.0.0.0
## Connector port to listen on
jetty.http.port=8993
I'd change the 2nd line to jetty.http.host=127.0.0.1. Would this cause any problems? I did this in my test environment and the server seemed fine. We don't use Solr; we do use PDF generation, and PDFs still generated after I made this change.
[cf]\cfusion\jetty\etc\jetty-ipaccess.xml
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="insertHandler">
    <Arg>
      <New id="IPAccessHandler" class="org.eclipse.jetty.server.handler.IPAccessHandler">
        <Set name="white">
          <Array type="String">
            <Item>127.0.0.1</Item>
          </Array>
        </Set>
        <Set name="black">
          <Array type="String">
            <Item></Item>
          </Array>
        </Set>
        <Set name="whiteListByPath">false</Set>
      </New>
    </Arg>
  </Call>
</Configure>
I'm confused about this, as it already looks like it is using a whitelist, and that whitelist is only 127.0.0.1. And yet when this command is run, it outputs JSON data:
curl [server]:8993/solr/admin/info/properties
FYI, this post is a continuation of a convo that was started here:
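Added example, not part of the original post and not ColdFusion's or Jetty's own code: a small audit helper that reads start.ini text and reports which bind address is actually in effect, showing that the commented-out `# jetty.http.host=0.0.0.0` line sets nothing. The function names are hypothetical, the sample text is constructed from the lines quoted above, and the code assumes Jetty listens on all interfaces when `jetty.http.host` is unset.

```python
import ipaddress
import socket

# Constructed sample mirroring the start.ini lines quoted in the post.
SAMPLE_START_INI = """\
## Connector host/address to bind to
# jetty.http.host=0.0.0.0
## Connector port to listen on
jetty.http.port=8993
"""

def effective_properties(text):
    """Return only the key=value properties that are active (not commented out)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments, and "--module="-style start options.
        if not line or line.startswith("#") or line.startswith("--"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()  # a later line overrides an earlier one
    return props

def connector_exposure(text):
    """Classify the HTTP connector bind address as (exposure, port)."""
    props = effective_properties(text)
    host = props.get("jetty.http.host", "")
    port = props.get("jetty.http.port")  # None when the file does not set it
    if host == "":
        return ("all-interfaces", port)  # assumption: unset host binds everywhere
    if host.lower() == "localhost":
        return ("loopback-only", port)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return ("specific-address", port)  # a hostname; resolve it separately
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return ("all-interfaces", port)
    return ("loopback-only" if addr.is_loopback else "specific-address", port)

def is_listening(address, port, timeout=2.0):
    """True if a TCP connection to address:port succeeds (run on the server itself)."""
    try:
        with socket.create_connection((address, int(port)), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    print(connector_exposure(SAMPLE_START_INI))
```

After changing the host line and restarting the service, `is_listening` run on the server against its own non-loopback address and port 8993 should return False, while 127.0.0.1 should still return True.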
