External AGI request authentication

I have an AGI application running on a different machine than Asterisk, so basically I'm using FastAGI.
I would like to expose this application to the outside world, so people running Asterisk can take advantage of it.
Now I would like to give access to it only to the gateways I want (by IP address).

In an AGI request, the parameter RemoteAddress (at least in my AGI implementation, called Asterisk.NET) holds the IP address of the gateway (Asterisk) making the request. I could use this information to allow/deny gateways using my AGI app.

This is my concern: is it possible for someone (with bad intentions) to fake the IP address value in request.RemoteAddress?
Can I fully trust this information?
Is there any other way to do it?

I guess the bottom line is: how do I authenticate external AGI requests, trusting only the ones that come from a known gateway?

Thanks in advance.


Asterisk.NET’s RemoteAddress property exposes the TCP socket endpoint, so there is no way that this could be faked other than IP spoofing, which I find very hard to believe on a running TCP connection.
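
An added example, not part of the original posts and not Asterisk.NET code: a minimal Python FastAGI listener that takes the allow/deny decision from the TCP peer address of the accepted socket, the same kind of value the answer says RemoteAddress exposes, and never from the `agi_*` lines the caller sends. The allowlist entries are constructed documentation addresses, and the function and class names are hypothetical.

```python
import ipaddress
import socketserver

# Constructed allowlist (documentation ranges); replace with the real gateway addresses.
ALLOWED_GATEWAYS = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "198.51.100.0/28")]

def peer_allowed(peer_ip, allowed=ALLOWED_GATEWAYS):
    """Decide from the TCP peer address only, never from data sent on the connection."""
    try:
        addr = ipaddress.ip_address(peer_ip.split("%")[0])  # drop any IPv6 zone id
    except ValueError:
        return False
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in allowed)

def read_agi_env(rfile, max_lines=64):
    """Read the 'agi_*: value' block Asterisk sends first; it ends with a blank line."""
    env = {}
    for _ in range(max_lines):
        line = rfile.readline(4096).decode("utf-8", "replace").strip()
        if not line:
            break
        key, _, value = line.partition(":")
        env[key.strip()] = value.strip()
    return env

class FastAGIHandler(socketserver.StreamRequestHandler):
    def handle(self):
        peer_ip = self.client_address[0]  # endpoint of the accepted TCP socket
        if not peer_allowed(peer_ip):
            return  # close without reading anything from an unknown peer
        env = read_agi_env(self.rfile)
        # env values are caller-supplied text: usable for routing, not for authentication
        self.wfile.write(b'VERBOSE "gateway accepted" 1\n')
        self.rfile.readline(4096)  # AGI result line, e.g. "200 result=1"

if __name__ == "__main__":
    # 4573 is the default FastAGI port
    with socketserver.ThreadingTCPServer(("0.0.0.0", 4573), FastAGIHandler) as srv:
        srv.serve_forever()
```
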