I went for the global fix (domain.xml) in the end - equivalent to the create-virtual-server command mentioned above but I just added the property allowLinking = false thru the admin console - by default in:
Configuration -> HTTP Service -> Virtual Servers -> server
[Message sent by forum member 'ocoro02' (ocoro02)]
http://forums.java.net/jive/thread.jspa?messageID=292801