"still uses the common gateway interface" is true in itself, but definitely not the complete truth.

With mod_perl you can have complete control over the handling of a request, allowing to forego the setting up of environment variables that are part of the CGI specification. Instead of environment variables, you have methods that can be called on a number of objects, representing the request, the connection, the configuration of the Apache server, etc,

And since there is no external program being called, there is no concept of piping information to/from that program (as specified in the Common Gateway Interface). Although stdout is usually tied to what will be sent to the browser.

The handling of the request can go pretty far: in mod_perl 2 it is even possible to have piece of Perl code executed before the connection is completed. This allows you to bar bad visitors from using any of your servers' resources, e.g. depending on IP-number.

Liz