Comment Perhaps using HTTP referrers? (Score 1) 297
It is hard to think a good solution without knowing what you mean by "locals" (is there a simple offline way to get them a passphrase?), what kind of users you have (will they be thrown off from the site if they have to login?), etc.
Anyway, something that might work and can be used together with other filtering methods mention by other people here is filtering by HTTP referrer field.
This is assumming that your users have alternate ("local") ways of getting the URL of your site, and you don't mind being a bit detached from the rest of the web (apparently, you don't). So what you do, is filter every HTTP request where the referrer field is not empty or inside your site. This will essentially stop people from following links from other sites (google, blogs, whatever) into your site. You will be able to enter your site only by entering your URL (like knowing the BBS phone number), and then following internal links. Of course, this is not "secure" (for someone who knows http, it is not very hard to enter directly once they realize how the filter works), but I think it will stop a lot of "casual bypassers".
Btw, if you avoid being in google (robots.txt covering your whole site) you will avoid a lot of visitors already.