Following on from this question, how can I ensure that the local request is coming from my server and not a forged IP address?
Is there any obvious security measures to introduce?
I would like to use this technique for running a headless browser (internally) to retrieve and generate a specified user's invoice.