You can use these environment variables, which are in %ENV:

• REMOTE_HOST (host name, may not be implemented on your system)
• REMOTE_ADDR (dotted decimal IP of the browser)
• HTTP_REFERER (the page they came from)

These are the main ones to use, although the last is not as reliable as the first two and can be easily faked. However, a simple check should keep out 99.9% of the people:

unless ($ENV{'HTTP_REFERER'} eq "$mypage") {
  print "Access forbidden. Goodbye.\n";
  exit;
}
[download]

P.S. Yes, 'referer' is spelled wrong, but that's now the official way. :)