AGI request RemoteAddress parameter, validate a gateway

I have am AGI application which is running in another machine different that asterisk, so basically I?m using FastAGI.
I will like to expose this application to the outside world, so people running asterisk can take advantage of it.
Now I will like to give access to it, only to the gateways I want (by IP address).

In an AGI request, the parameter RemoteAddress holds the IP address of the gateway (asterisk) making the request, now I could use this information to allow/deny gateways using my AGI app.

This is my concern, is it possible for someone (with bad intentions) to fake the IP address value in request.RemoteAddress?
Can I fully trust in this information?
Is there any other way to do it?

Thanks in advance.