Hiding the URL from clients, or anyone in the world is not possible. Although the intent of this question seems to be to help minimize the DOS attacks, in order to achieve that, "often changing the URL" is suggested.

1.. Keep on changing the URL of the server by probably changing the relative paths, like .com/abc to .com/xyz. 2.. keep on sending updates to client applications to connect to newer URLs if the older one is not working.