Can’t you just disallow all external requests other than your own IP? If it’s a personal website that’s just for you then it really doesn’t need to be accessible by anyone else and if anyone comes along that needs access you can just manually add their IP.
It’s a minor pain to have to implement it, but it’s an easy solution
But once you’ve got them that’s the end of it they’re unlikely to change their IP addresses.
My point is it’s not like you need to be public facing, whether it would be literally millions of IP addresses that would be valid amongst a few dozen that are invalid.
Can’t you just disallow all external requests other than your own IP? If it’s a personal website that’s just for you then it really doesn’t need to be accessible by anyone else and if anyone comes along that needs access you can just manually add their IP.
It’s a minor pain to have to implement it, but it’s an easy solution
I have family and friends that also access the sites contents, so that’s sadly not feasible without getting the IPs from dozens of different devices
But once you’ve got them that’s the end of it they’re unlikely to change their IP addresses.
My point is it’s not like you need to be public facing, whether it would be literally millions of IP addresses that would be valid amongst a few dozen that are invalid.