The reverse proxy is authenticating users and distributing requests to other apps. How can I make sure that application will receive no connections other that those coming from the reverse proxy ? Firewall will not help with the traffic coming from the local machine.
You could add a header in the HTTP request incoming when it passes in your reverse proxy. Then in you application, you could check if that key/value is present and at that format you decided.
Simple but enough for what you describe.