Hello @aaaoz
First of all, you can enable JWT on both sides. This way, no one can use your Document server. You can set up JWT in the local.json file on the Document server side (/etc/onlyoffice/documentserver/local.json, inside the container. If you change anything in this file, you have to restart all services with supervisorctl restart all command) and on the connector app page on the Nextcloud side.
Also you can disable Welcome page itself. We discussed that case earlier, please check it out: Hide / deactivate welcome page