Do you have access to the webserver configuration? Like being able
to tell apache via httpd.conf to ..
Deny from all
Allow from myservername.here.com
Allow from localhost
Would seem to obviate the need for any IP sec logic in your code
Update:Of course if you MUST do it with the script, for instance
to display a 'friendly' warning rather than a 500 Forbidden, using the CGI query object from CGI.pm you can...
I can't believe it's not psellchecked
my $q = CGI->new();
my $remote_host = $q->remote_host();