[XTR] IP Threat Monitor

[XTR] IP Threat Monitor 1.0.14

  • New Feature: Added Apple iCloud Private Relay IP detection using Apple's official IP list (egress-ip-ranges.csv). The add-on now downloads and caches Apple's official CIDR ranges (refreshed every 24 hours) and checks VPN-flagged IPs against this list. This ensures iCloud Private Relay users are never blocked, regardless of what ProxyCheck.io reports.
  • Critical Fix: Resolved an issue where iCloud Private Relay IPs were incorrectly blocked even when "Allow iCloud Private Relay" was enabled. The root cause was that Apple routes Private Relay traffic through Cloudflare/Akamai infrastructure, so ProxyCheck.io returned "Cloudflare" as the provider instead of "Apple."
  • New Service: Added ApplePrivateRelayIPs.php service for fetching, caching, and validating Apple's official IP ranges.
  • Improvement: "Clear API Cache" now also clears the Apple Private Relay IP cache, forcing a fresh download of Apple's IP list.
  • Improvement: Enhanced keyword matching for Apple-related providers (added "iCloud", "Apple Computer", AS714, AS6185 as fallback checks).
This is a critical update that resolves an issue where Apple iCloud Private Relay users were incorrectly blocked as VPNs.

The Problem:
Apple iCloud Private Relay routes traffic through Cloudflare and Akamai infrastructure. When ProxyCheck.io scanned these IPs, it returned provider: Cloudflare instead of provider: Apple. Our previous detection logic searched for "Apple" or "iCloud" in the provider name, which failed to match.

The Solution:
We now use Apple's official IP list directly from mask-api.icloud.com. The add-on:
  1. Downloads Apple's official egress IP ranges
  2. Caches them locally (refreshed every 24 hours)
  3. Checks every VPN-flagged IP against Apple's CIDR ranges
  4. If the IP matches and "Allow iCloud Private Relay" is enabled → never blocked
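
The CIDR check in step 3, as an added example that is not the add-on's own code: it parses rows in the list's CSV layout (CIDR assumed to be the first column) and matches an address against them, skipping ranges of the other IP family instead of doing bit arithmetic across IPv4 and IPv6. The function names `parseRanges` and `ipInRanges` are hypothetical, and the sample rows are constructed from documentation ranges.

```php
<?php
// Added example, not the add-on's code; rows are constructed, CIDR assumed in column 1.
const SAMPLE_CSV = <<<'CSV'
192.0.2.0/27,US,US-CA,Los Angeles,
2001:db8:4000::/45,GB,GB-ENG,London,
CSV;
function parseRanges(string $csv): array
{
    $ranges = [];
    foreach (preg_split('/\R/', trim($csv)) as $line) {
        $parts = explode('/', trim(explode(',', $line, 2)[0]), 2);
        if (count($parts) !== 2 || !ctype_digit($parts[1])) {
            continue; // no usable prefix length
        }
        $net = @inet_pton($parts[0]);
        $bits = (int) $parts[1];
        if ($net === false || $bits > strlen($net) * 8) {
            continue; // malformed rows are skipped, never trusted
        }
        $ranges[] = [$net, $bits]; // packed network bytes + prefix length
    }
    return $ranges;
}
function ipInRanges(string $ip, array $ranges): bool
{
    $addr = @inet_pton($ip);
    if ($addr === false) {
        return false; // unparseable input is never allowlisted
    }
    foreach ($ranges as [$net, $bits]) {
        if (strlen($net) !== strlen($addr)) {
            continue; // IPv4 address vs IPv6 range (or the reverse): skip
        }
        $full = intdiv($bits, 8); // whole bytes covered by the prefix
        $rem  = $bits % 8;        // leftover bits in the following byte
        if (substr($addr, 0, $full) !== substr($net, 0, $full)) {
            continue;
        }
        $mask = (0xFF << (8 - $rem)) & 0xFF; // evaluates to 0 when $rem is 0
        if ($rem === 0 || (ord($addr[$full]) & $mask) === (ord($net[$full]) & $mask)) {
            return true;
        }
    }
    return false;
}
$ranges = parseRanges(SAMPLE_CSV);
foreach (['192.0.2.17', '192.0.2.40', '2001:db8:4007::1'] as $ip) {
    printf("%s => %s\n", $ip, ipInRanges($ip, $ranges) ? 'allow' : 'no match');
}
```

Comparing packed byte strings of equal length keeps the shift amount between 1 and 8, so a mixed IPv4/IPv6 comparison cannot produce a negative shift.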

Recommended Action:
For best results, also enable ProxyCheck.io's built-in whitelist:
  1. Go to ProxyCheck.io Dashboard → Custom Rules
  2. Click "BIG BUSINESS" category
  3. Add the "Allow iCloud Private Relay" rule

This provides two layers of protection — at the API level and at the add-on level.

No database changes. Safe to upgrade on production environments.
  • Critical Fix: Implemented a self-healing mechanism for the API Health Check. The system no longer relies on XenForo's internal cache TTL (which could fail in some environments) but uses explicit timestamp validation to auto-recover from API outages.
  • New Feature: Added "Clear API Cache" option to the Logs > Prune Logs page. This allows admins to manually reset the API status via AJAX without reloading the page.
  • Bug Fix: Fixed ArithmeticError: Bit shift by negative number that occurred when matching IPv4 addresses against IPv6 CIDR ranges (mixed IP version context).
  • Bug Fix: Fixed TypeError: stripos(): Argument #1 ($haystack) must be of type string when handling array responses from ProxyCheck.io (Fixed provider/operator array handling).
  • Improvement: Enhanced iCloud Private Relay detection logic to be stricter, preventing false positives for VPNs containing "Apple" in their name (e.g., "GreenAppleVPN").
  • Improvement: The uninstallation process now performs a deeper cleanup, removing all internal API health and error cache keys to ensure a clean slate upon reinstallation.
This is a critical maintenance and stability update that resolves a persistent issue where VPN/Proxy detection would stop working after a period of time.

Highlights:
  • Self-Healing API Mechanism: We identified that XenForo's database-based SimpleCache could cause API error flags to get "stuck," indefinitely disabling VPN checks. We have implemented a new timestamp-based self-healing system. If an API error occurs (timeout, quota limit), the system now automatically recovers and resumes checks after 10-15 minutes without any admin intervention.
  • New Maintenance Tool: Added a "Clear API Cache" option under the Prune Logs page. If you ever suspect the API is stuck, you can clear the health cache manually with one click without uninstalling the add-on.
  • Stability Fixes: Fixed arithmetic errors when comparing IPv4/IPv6 addresses and handled array responses from the API correctly.
  • Improvement: Enhanced the logic for "iCloud Private Relay" detection. The system now uses stricter validation (checking for specific identifiers like "Apple Inc." or "iCloud Private Relay") to prevent false positives where unrelated VPNs with similar names were being whitelisted incorrectly.
  • Fix: Fully resolved the data type mismatch (Array vs String) error when processing API responses, ensuring stability for all network types.
This update brings critical improvements to the VPN detection engine.
  • Smarter Whitelisting: We've refined how the whitelist works for Apple/iCloud users. Previously, a loose check could allow unrelated VPNs to bypass the block if their name contained "Apple". The new logic is much stricter and safer.
  • Stability: Fixed edge cases where API data formats could cause errors on certain server configurations.
  • Alert Bug Fixed: Resolved an issue where IP Threat alerts were not visible in the alerts popup/list due to missing content handlers. Alerts are now properly integrated into the notification system.
  • API Data Handling: Fixed a server error log (TypeError) caused by unexpected array data formats in the ProxyCheck.io API response for ASN/Provider fields.
This maintenance release focuses on stability and better integration with XenForo's alert system.
  • Fixed: Users can now properly view "IP Threat" alerts in their notification list. Previously, these alerts were generated but remained hidden.
  • Fixed: Resolved a server error log triggered when the VPN detection API returned data in an unexpected format. This ensures smoother operation and cleaner logs.
  • [New] Check All Visitors: Added "Check all visitors for country flag" option. It is now possible to display country flags for all visitors regardless of the protection mode (Moderate/Aggressive).
  • [New] Geo-Blocking: Added the "Blocked Countries" setting to permanently block all traffic from specified countries (e.g., CN, RU).
  • [New] Integrated Diagnostics Tool (Revamped): Added a completely redesigned diagnostics tool with visual charts and Vanilla JS structure, compliant with XenForo 2.3 standards.
  • [New] Last URL Tracking: Added the ability to see the Last URL and User Agent information of visitors/blocked IPs (via tooltip in Admin Panel).
  • [New] Smart Prune: Introduced an optimized cleaning mode that removes old logs while preserving "Blocked" and "Blacklisted" records.
  • [New] Comment Support: Support for comments using the '#' character has been added to the Blocked ASNs list.
  • [Fix] Fixed a logic error where country/flag checks were skipped for Admins and Trusted users.
  • [Fix] Fixed the "IP address is required" error that occurred when performing actions in Admin Panel IP lists.
  • [Fix] Resolved various database and getter errors in Setup.php and User entity extension.
This comprehensive update brings critical features to the add-on. The most notable addition is the "Flag Display" option, allowing you to show country flags for all visitors even in "Moderate" mode. Additionally, the "Geo-Blocking" feature is now available to block unwanted traffic from specific countries. The "Integrated Diagnostics Tool" has been extensively rewritten and now features,
Management capabilities have been maximized with "Last URL Tracking" and "Smart Prune" features.
  • [Fix] Resolved an issue where the xentr_ipt_country column was not being created in the xf_user table during fresh installations (Fixed step ordering in Setup.php).
  • [Fix] Fixed the Cache Logic in "Test Configuration" page where "Direct DB Mode" (when Redis/APCu is unavailable) was incorrectly reported as a failure. It is now recognized as a valid passing state.
  • [Fix] Corrected a layout alignment issue with status icons in the admin test results.
  • [Refactor] Replaced all hard-coded strings in the "Test Configuration" page with XenForo phrases, ensuring full multi-language support.
This update focuses on improving stability and refining the user experience. With critical fixes to the installation infrastructure, we ensure the add-on runs smoothly in all environments.

Highlights:
  • Robust Installation: Eliminated potential issues with database schema creation during fresh installs and upgrades.
  • Full Multi-Language Support: The "Test Configuration" page in the Admin CP is now fully phrased and translatable. Hard-coded text has been removed.
  • Smarter Diagnostics: The system self-test tool now intelligently analyzes your server configuration, preventing false positives regarding cache settings.

We recommend all users upgrade to this version.
  • [New] Added "Prune / Clear Logs" tool to Admin Dashboard for easy database cleanup.
  • [New] Added "Top Threat Countries" widget to the main Dashboard.
  • [New] Added "Allow Legitimate Network Types" option to prevent blocking Wireless, Residential, and Business IPs.
  • [Update] Added country flags to Blocked, Blacklisted, and Log List views for better visual identification.
  • [Update] Dashboard navigation now includes a shortcut for the Prune tool.
  • [Update] Improved database structure for better geo-analytics.
  • [Fix] Resolved an issue where country flags were not updating correctly in some detection modes.
Note: Country flags and geo-stats require an active VPN/Proxy detection setting and a valid API key. Data will populate for new visitors after the update.


This update focuses on better data visualization, smarter false-positive prevention, and easy data management features requested by the community.
Highlights:
  • Smart Mobile Protection: Introduced an "Allow Legitimate Network Types" option. This intelligent filter prevents false positives for users on mobile networks (CGNAT) or residential connections, ensuring genuine visitors are not blocked.
  • Top Threat Countries: A new dashboard widget now visualizes the top 5 countries generating the most threat logs.
  • Data Pruning System: You can now easily wipe old logs, clear blacklist/blocked lists, or reset all data with a single click using the new "Prune" tool in the dashboard.
  • Visual Improvements: Country flags are now displayed across all IP lists (Blocked, Blacklisted, Logs) for better identification at a glance.
  • Refactored options page into a tabbed layout (General, Rate Limit, VPN & ASN, Exemptions).
  • Added ASN (Autonomous System Number) based blocking system.
  • Added Country Flags display in user postbit information.
  • Added xentr_ipt_country column to xf_user table.
  • Added option to white-list Apple iCloud Private Relay traffic.
  • Fixed array/string conversion error in Blocked ASN list input.
  • Refactored Setup.php structure (Install/Upgrade/Uninstall) for better maintainability.
  • Updated Test Configuration tool to include database schema checks and new feature validation.
This update brings a major leap in both usability and protection capabilities! The admin panel is now cleaner, and blocking capabilities are more precise than ever.

1. Modern Tabbed Interface:
No more endless scrolling! All options are now organized under logical tabs. Finding the setting you need takes just seconds.

2. ASN Blocking (Stop the Bots!):
Beyond simple IP blocking, you can now block entire network providers based on their ASN.
Example: You can block entire data centers hosting AI scrapers (e.g., specific DigitalOcean or AWS ASNs) in one go.

3. Country Flags 🇺🇸:
See where your users are connecting from at a glance. Country flags are now automatically displayed next to usernames in posts. (Integrated seamlessly with the VPN detection system).

4. iCloud Private Relay Friendly:
Don't lose real users! Added a new option to whitelist traffic from Apple iCloud Private Relay, ensuring legitimate Apple users aren't blocked by VPN filters.

Update Note:
After upgrading, it is recommended to run the "Test Configuration" tool in the Admin Panel to verify that the database schema and settings are correctly applied.
  • Added "Allow iCloud Private Relay" option to prevent false positives.
  • Exempts legitimate Apple iCloud Private Relay traffic from VPN/Proxy blocks.
This update introduces full support for Apple's iCloud Private Relay. A new option "Allow iCloud Private Relay" has been added (enabled by default) which ensures that users browsing via iCloud Private Relay are not mistaken for VPN/Proxy abusers. This allows you to keep strict VPN protection enabled (e.g., "First Visit" mode) without blocking legitimate Apple users.
New
  • Added "VPN Check Mode" option with 3 modes: Aggressive, Moderate, and First Visit
  • Moderate mode allows balanced API usage while maintaining security
  • First Visit mode provides proactive VPN detection for high-security sites
Fixed
  • Fixed IPv6 address validation error ("String offset cast occurred")
  • Cloudflare IPv6 addresses are now properly checked against IP ranges
Improved
  • Test Configuration page now includes VPN detection status
  • Test Configuration shows VPN Check Mode with API usage warnings
  • Added recommendation when "First Visit" mode uses high API quota
This update introduces a new "VPN Check Mode" setting that gives you control over when VPN/Proxy checks are performed. You can now choose between minimal API usage (Aggressive), a balanced approach (Moderate - recommended), or maximum protection (First Visit).

An important bug fix resolves an error that occurred when checking IPv6 addresses such as Cloudflare IPs.