Configuration/settings/restrict admin domain
Set this to a domain name in order to restrict access to the administrative page to only be available on that particular domain.
$c->restrict_admin_domain = 'admin.davical.mycompany.com';
The default is that any DAViCal instance will have the administrative pages active. When this setting is enabled, any requests for administrative URLs such as index.php, admin.php, setup.php and so forth, will be redirected to 'caldav.php'.
Note that even if your webserver is not listening on the specified domain, if the configuration includes the domain as a potential alias then it is possible for a remote user to spoof the domain name and still reach the administrative pages. If you want to completely block access to the admin interface of DAViCal you may want to use the related restrict_admin_port setting for more certainty.
Available from DAViCal version: 0.9.7.4 and later