Topic: rails 3 devise avoid access /sign_in path

I use devise for rails 3.2 for authentication. I've changed the default routes from devise to:

devise_scope :user do
    get 'signin' => 'devise/sessions#new', :as => :new_user_session
    post 'signin' => 'devise/sessions#create', :as => :user_session
    match 'signout' => 'devise/sessions#destroy', :as => :destroy_user_session,
          :via => Devise.mappings[:user].sign_out_via

Now my sign in and sign up form is on the root site. How can I avoid to access but grant access to only

when i remove it, i will get an error message like this
oMethodError in Authentication#welcome

    Showing /Volumes/Develop/login_app/app/views/authentication/welcome.html.erb where line #6 raised:
    undefined method `user_session_path' for #<ActionDispatch::Routing::RoutesProxy:0x007ffb4d711a10>
    Extracted source (around line #6):

i have sign_in und sign_up on the root site..looks like this

    <h2>Sign in</h2>
    <%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
        <div><%= f.label :email %><br />
          <%= f.email_field :email %></div>
        <div><%= f.label :password %><br />
          <%= f.password_field :password %></div>
        <% if devise_mapping.rememberable? -%>
            <div><%= f.check_box :remember_me %> <%= f.label :remember_me %></div>
        <% end -%>
        <div><%= f.submit "Sign in" %></div>
    <% end %>
    <%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
        <%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
    <% end -%>
    <h2>Sign up</h2>
    <%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
        <%= devise_error_messages! %>
        <div><%= f.label :email %><br />
          <%= f.email_field :email %></div>
        <div><%= f.label :password %><br />
          <%= f.password_field :password %></div>
        <div><%= f.label :password_confirmation %><br />
          <%= f.password_field :password_confirmation %></div>
        <div><%= f.submit "Sign up" %></div>
    <% end %>

now somebody can come and put in the url and then it will show the sign_in form, i will avoid this, because it should show on the root site...
the same scenario like sing_up...