Add-Ons [XTR] IP Threat Monitor 1.0.14

A new update is available for [XTR] IP Threat Monitor by Offical.

[XTR] IP Threat Monitor 1.0.14​

Update highlights​

This is a critical update that resolves an issue where Apple iCloud Private Relay users were incorrectly blocked as VPNs.

The Problem:
Apple iCloud Private Relay routes traffic through Cloudflare and Akamai infrastructure. When ProxyCheck.io scanned these IPs, it returned provider: Cloudflare instead of provider: Apple. Our previous detection logic searched for "Apple" or "iCloud" in the provider name, which failed to match.

The Solution:
We now use Apple's official IP list directly from . The add-on:

1. Downloads Apple's official egress IP ranges
2. Caches them locally (refreshed every 24 hours)
3. Checks every VPN-flagged IP against Apple's CIDR ranges
4. If the IP matches and "Allow iCloud Private Relay" is enabled → never blocked

Recommended Action:
For best results, also enable ProxyCheck.io's built-in whitelist:

1. Go to ProxyCheck.io Dashboard → Custom Rules
2. Click "BIG BUSINESS" category
3. Add the "Allow iCloud Private Relay" rule

This provides two layers of protection — at the API level and at the add-on level.

No database changes. Safe to upgrade on production environments.

Complete Change Log​

• New Feature: Added Apple iCloud Private Relay IP detection using Apple's official IP list (
  Dear Guests, welcome! Please, Log in or Register to view hide content!
  ). The add-on now downloads and caches Apple's official CIDR ranges (refreshed every 24 hours) and checks VPN-flagged IPs against this list. This ensures iCloud Private Relay users are never blocked, regardless of what ProxyCheck.io reports.
• Critical Fix: Resolved an issue where iCloud Private Relay IPs were incorrectly blocked even when "Allow iCloud Private Relay" was enabled. The root cause was that Apple routes Private Relay traffic through Cloudflare/Akamai infrastructure, so ProxyCheck.io returned "Cloudflare" as the provider instead of "Apple."
• New Service: Added ApplePrivateRelayIPs.php service for fetching, caching, and validating Apple's official IP ranges.
• Improvement: "Clear API Cache" now also clears the Apple Private Relay IP cache, forcing a fresh download of Apple's IP list.
• Improvement: Enhanced keyword matching for Apple-related providers (added "iCloud", "Apple Computer", AS714, AS6185 as fallback checks).

Read more about this product...

Hi,

I am having issues where it looks like Country blocking is not working.

I have it set to block China with CN, however when I look at my analytics and stats, it tells me that China is still my top online active users. This is both under Cloudflare and under my Google Analytics online users in realtime. It is showing 580 online users from China when it should be zero. All the China traffic for my site is malicious junk traffic and I want to eradicate it from hitting any of my stats at all

Could you please share details about your current configuration settings? This will allow me to analyze the situation accurately and properly.

XenTR said:

Dear Guests, welcome! Please, Log in or Register to view hide content!

Click to expand...

What details do you need specifically?
Is there a printout you would like or do you want e to screenshot the configuration test page?

I can also provide temp admin access if that helps?

Dannymh said:

Dear Guests, welcome! Please, Log in or Register to view hide content!

Click to expand...

Hi,

Thank you for the detailed report. I've identified the issue.

The Problem:
In the current version, country blocking (geo-blocking) is processed within the VPN/Proxy detection flow. This means:

• If VPN Detection is disabled or you don't have an API key → the geo-blocking code is never executed
• Country information is obtained from ProxyCheck.io API response

Why This Happens:
When a visitor comes from China, the system needs to:

1. Make an API call to ProxyCheck.io
2. Get the country code from the API response
3. Check if that country is in your blocked list

If VPN Detection is disabled, step 1 never happens, so we never learn their country.

Immediate Solution:
Please ensure these settings are enabled:

1. VPN/Proxy Detection → Enabled
2. VPN API Key → Must have a valid ProxyCheck.io API key
3. VPN Check Mode → Set to "Moderate" or "First Visit" (First Visit checks everyone on arrival)
4. Blocked Countries → CN (which you already have)

Important Note:
This affects only XenForo traffic. Cloudflare and Google Analytics count visitors before they reach your XenForo site. Even if our add-on blocks them, those analytics services will still count the initial request. To block at the edge level, you need to use Cloudflare's WAF/Firewall rules to block CN traffic.

Thanks,
XENTR

I have enabled the VPN blocking and I have added the API key but am still experiencing the same issue