I'm looking for something to just block zcc ./zenworks access.
Under the following directory you will find a file named context.xml:
Edit the file with your favorite text editor and add the following line between "<context>" and "</context>" tags:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192.168.0.*"/>
Then only hosts in the 192.168.0.0/24 network would get access to ZCC.
After saving the edited file you need to restart ZENworks before the changes take effect.