in reply to A question about web service security

The simplest way seems to be to configure the webserver so no request other than from "your system" can be made to said webservice.

Otherwise, use some kind of authentication. There are thousands of techniques to choose from, many of them available in ready-made source code, ranging from simple and easy to use for the user, to very secure, and more hassle (work) for the user.

What's the best pick for you is impossible to determine from the post.

Re^2: A question about web service security
by PerlOnTheWay (Monk) on Aug 05, 2011 at 11:55 UTC

    Can you talk about the principle?

    I think there's no way to check whether it's from "your system" or not as HTTP is stateless, one can fake it easily.

      You could use a public key encryption scheme. Crypt::RSA would seem like a good start. Another option might be persistent sessions, CGI::Session might be worth a look. Sorry for the vagueness of the answer, but there isn't enough information in the original post to be more specific.

      2011-08-05 @ 1255Z Edited CGI::Session CPAN link

        I am the OP, I forgot to log in when I posted the question -_-

        I don't think the encryption will work, as you need to expose the encryption method as some function, encrypt, and there's no way to stop a programmer from calculating it himself once he has got the encrypt...

      No way? Uhm, that very much depends on your definition of "your system". And HTTP may be stateless, TCP certainly isn't (not that statelessness matters). In the simplest case, you have a network like this:
                          ^-^-^-^-^-^-^                             ^-^-^-^-^-^-^
      +-------------+    /             \    +-----------------+    /             \
      | Your server |===< Local network >===| Router/Firewall |===< Big Bad World >
      +-------------+    \             /    +-----------------+    \             /
                          v-v-v-v-v-v-v                             v-v-v-v-v-v-v
      So, treat a request coming from your local network as "your system", and if it comes via the "Router/Firewall", it comes from somewhere else. And you block it. Preferably at said Router/Firewall.

      Now, your details may be different, but your problem seems more a networking problem (and in particular, a firewall configuration problem) to me, than a Perl issue.
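
The rule from the post above (a request arriving from the local network is "your system", anything arriving via the router/firewall is not), sketched at the application layer as an added example that is not part of any post in this thread. It decides on the TCP peer address the web server reports in REMOTE_ADDR rather than on anything sent in the HTTP request; the trusted networks, the sample requests and the function names are assumptions, and the server is assumed to accept connections directly rather than behind a reverse proxy.

```perl
use strict;
use warnings;

# Assumption: networks that count as "your system" (constructed values).
my @TRUSTED = ('192.168.10.0/24', '127.0.0.0/8');

# Dotted-quad IPv4 string -> 32-bit integer, or undef if malformed.
sub ip_to_int {
    my ($ip) = @_;
    return undef unless defined $ip
        && $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    my @octets = ($1, $2, $3, $4);
    return undef if grep { $_ > 255 } @octets;
    return ($octets[0] << 24) | ($octets[1] << 16) | ($octets[2] << 8) | $octets[3];
}

# True if $ip lies inside $cidr (e.g. "192.168.10.0/24").
sub in_cidr {
    my ($ip, $cidr) = @_;
    my ($net, $bits) = split m{/}, $cidr;
    my $ip_n  = ip_to_int($ip);
    my $net_n = ip_to_int($net);
    return 0 unless defined $ip_n && defined $net_n;
    return 0 unless defined $bits && $bits =~ /\A\d{1,2}\z/ && $bits <= 32;
    my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return ($ip_n & $mask) == ($net_n & $mask) ? 1 : 0;
}

# Decide from the CGI-style environment whether the caller is "your system".
sub is_own_system {
    my ($env) = @_;
    # REMOTE_ADDR is filled in by the web server from the TCP connection.
    # Request headers such as X-Forwarded-For are chosen by the client,
    # so they are deliberately not consulted.
    my $peer = $env->{REMOTE_ADDR};
    return (grep { in_cidr($peer, $_) } @TRUSTED) ? 1 : 0;
}

# Constructed sample requests: the second claims a local origin in a header.
my @requests = (
    { REMOTE_ADDR => '192.168.10.7' },
    { REMOTE_ADDR => '203.0.113.9', HTTP_X_FORWARDED_FOR => '192.168.10.7' },
    { REMOTE_ADDR => 'not-an-address' },
);
for my $req (@requests) {
    printf "%-15s %s\n", $req->{REMOTE_ADDR},
        is_own_system($req) ? 'allow' : 'deny';
}
```

The post's preferred place for this rule remains the router/firewall; a check like this in the application is a second layer behind it.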

        Please think about it in a web game context, where everything is happening in the browser, and everything can be modified.