LWPx::ParanoidAgent is a class subclassing LWP::UserAgent, but 
paranoid against attackers. It's to be used when you're fetching 
a remote resource on behalf of a possibly malicious user.

This class can do whatever LWP::UserAgent can (callbacks, uploads 
from files, etc), except proxy support is explicitly removed, because 
in that case you should do your paranoia at your proxy.

Also, the schemes are limited to http and https, which are mapped to 
LWPx::Protocol::http_paranoid and LWPx::Protocol::https_paranoid, 
respectively, which are forked versions of the same ones without 
the "_paranoid". Subclassing them didn't look possible, as they were 
essentially just one huge function.

This class protects you from connecting to internal IP ranges 
(unless you whitelist them), hostnames/IPs that you blacklist, remote 
webserver tarpitting your process (the timeout parameter is changed to 
be a global timeout over the entire process), and all combinations of 
redirects and DNS tricks to otherwise tarpit and/or connect to internal 
resources.

WWW: http://search.cpan.org/dist/LWPx-ParanoidAgent/