I'm looking to open up a site with a login portal to the internet, but I'm hoping to avoid the page getting scanned too much and avoid bruteforce attempts on the login. I know there are some solutions that already exist like Fail2Ban, but I'm hoping for something different if it exists.
My thinking is that I'd like to put an IP filter on the page, but that I could "automate" adding IP addresses somehow. I was thinking I could have some sort of authentication server where I could email someone a unique URL that they would click on and provide some kind of information confirming that they're who they say they are. Once confirmed, the public IP that was used to access the unique URL would be added to a whitelist that would allow access to the login portal.
Is there a service that exists that could do something like this? I had a quick look at Authelia and SuperTokens, but I'm not sure if that's what I'm looking for.
Thanks for the insight. I'm not worried about people logging in from different locations to be honest. The access would pretty much just be for the day then that's it. My main concern (or I guess I could say wish) is that I can leave the site "exposed" to the internet without having a bunch of bots scanning it all the time. So I was hoping for some kind of solution where the site would be completely hidden until someone authenticates themselves. I mentioned IP whitelisting because that's all I could think of, but maybe there would be another way? Or maybe what I'm asking just isn't possible?