This usually does the trick for me:

my $address = $ENV{X_FORWARDED_FOR} || $ENV{REMOTE_ADDR} || "";
[download]

This returns an IP or a zero length string, which tends to be accurate enough for use as a factor in authentication. You can not be assured that the values provided by the web server environment variables are not spoofed, so multi-factoring of your incoming information is useful.