Simply put, you can't. If you do not know what their IPs are then there is no way to prevent everyone else from getting to at least the main index page of the website. What you could do is hide the actual website somewhere within document root for the website. But security through obscurity is not much. You could also limit the allowed IPs to a range vs a single IP, 11.22.33.xx for instance. You could also setup https (SSL) and turn off http altogether and implement client verification through certificates. Then only people with a client certificate that you have issued to them can connect to the website.
|