Hi @pinkimagination
Thank you very much for your questions.
Issue 1: What can you do to remove the delay?
To remove the delay, the easiest option is to use a small trick. Go to the delay security settings of your project and set the “Multiplicator” to 0.1. After saving the settings, go to your form and refresh the page multiple times. The seconds should drop pretty quickly, and after ~10 requests, your delay should be around 30 seconds or less. Now go back to the delay security settings and set the “Multiplicator” to a normal value (1.0 or higher, see below).
Issue 2: Is it possible to configure that the delay is automatically lifted?
No, that’s not possible right now. The delay is lifted as soon as it expires. I will keep that in mind for future developments. It is probably also a good idea (and much easier to implement) to add a function that lets an admin delete all delays/lockouts, so in your case, you could (if you’re an admin of the mosparo installation) delete all the delays.
Issue 3: Blocking a single site/form and not globally
The idea is that if a bad actor (like a bot) is blocked in one project, there is no reason that the same bad actor should be able to fill out any forms protected by the same mosparo installation. In your case, yes, this isn’t good. But if a bot tries to submit the form multiple times, this feature will block it across all your projects.
Now, what should you do?
- Delete the delay with the method described above.
- Add your IP address to the allow list of all the projects. To prevent getting blocked by the delay or lockout feature (or the other security features), add your IP address to the allow list in every project. This way, these features will not affect your requests.
- Adjust the delay and lockout factors. In the delay or lockout settings, set the “Multiplicator” to 1.0 so the delay and lockout are not increased with every request. You could then define a fixed delay or lockout period. For example: 60 seconds for a delay and 86400 seconds (one day) for the lockout. Every additional request will not increase the number (since the “Multiplicator” is set to 1.0).
Please let me know if that worked and if you have any other questions.
Kind regards,
zepich / mosparo Team
Hi @zepich!
“It is probably also a good idea (and much easier to implement) to add a function that lets an admin delete all delays/lockouts, so in your case, you could (if you’re an admin of the mosparo installation) delete all the delays.”
This is a great idea!
I’m really looking forward to the ability to manage blocks—it would greatly help me in my work.
Thank you for your assistance — my forms are now unblocked, and I can use the websites again!
