To prevent RTSP connection to the origin, change the origin Application.xml /RTP /Authentication /PlayMethod to "digest".
To prevent HTTP clients from connecting to the origin, you could use onHTTPSessionCreate to reject all sessions; or you could packetize on the edge.
First solution, add this Module to reject all HTTP sessions. Edge's use RTMP to origin even for HTTP clients, so it should work.
2nd solution is packetize on the edge. Remove all LiveStreamPacketizers from the origin, and change the repeater packetizers on the edge to the regular LiveStreamPacketizers that you were using on the origin.
public class ModuleAccessControlHTTPStreaming extends ModuleBase
public void onHTTPSessionCreate(IHTTPStreamerSession httpSession)