The web stack isn't all that important for fighting CSRF, mod_perl is just fine. The challenge is in the design of the token(s), and this depends on the nature of your application. A CPAN module, WWW::CSRF, has a nice explanation of the problem, and maybe a sufficient solution for you!