socket.io security - maybe allow only from specific domain?

I build a websocket (node.js + socket.io) service that will aggregate data on clients (resolution, cli开发者_JAVA百科cks etc) and send to my admin (via websockets). However I have some concerns about security. On client's side my websocket server address is exposed like this:

var socket = new io.Socket('127.0.0.1', {'port': 3000});

so anyone can take that address and hit a milion requests (which will bring my server down).

How to protect my socket server? Maybe only allow socket connections from my domain (how)?

---

How to protect my socket server?

You can limit the number of concurrently connected clients. For example if there are 5000 actively connected clients through WebSockets, then new ones will be refused until there are some "free slots" for them.

Maybe only allow socket connections from my domain (how)?

Client (browser) connections doesn't have your domain as "origin".