ansible / ansible.builtin / v2.9.21 / module / fmgr_secprof_waf FortiManager web application firewall security profile | "added in version" 2.8 of ansible.builtin" Authors: Luke Weighall (@lweighall), Andrew Welsh (@Ghilli3), Jim Huber (@p4r4n0y1ng) preview | supported by communityansible.builtin.fmgr_secprof_waf (v2.9.21) — module
pip
Install with pip install ansible==2.9.21
Manage web application firewall security profiles for FGTs via FMG
- name: DELETE Profile fmgr_secprof_waf: name: "Ansible_WAF_Profile" comment: "Created by Ansible Module TEST" mode: "delete"
- name: CREATE Profile fmgr_secprof_waf: name: "Ansible_WAF_Profile" comment: "Created by Ansible Module TEST" mode: "set"
adom: default: root description: - The ADOM the configuration should belong to. required: false mode: choices: - add - set - delete - update default: add description: - Sets one of three modes for managing the object. - Allows use of soft-adds instead of overwriting existing values required: false name: description: - WAF Profile name. required: false method: description: - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! - List of multiple child objects to be added. Expects a list of dictionaries. - Dictionaries must use FortiManager API parameters, not the ansible ones listed below. - If submitted, all other prefixed sub-parameters ARE IGNORED. - This object is MUTUALLY EXCLUSIVE with its options. - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS required: false comment: description: - Comment. required: false external: choices: - disable - enable description: - Disable/Enable external HTTP Inspection. - choice | disable | Disable external inspection. - choice | enable | Enable external inspection. required: false signature: description: - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! - List of multiple child objects to be added. Expects a list of dictionaries. - Dictionaries must use FortiManager API parameters, not the ansible ones listed below. - If submitted, all other prefixed sub-parameters ARE IGNORED. - This object is MUTUALLY EXCLUSIVE with its options. - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS required: false constraint: description: - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! - List of multiple child objects to be added. Expects a list of dictionaries. - Dictionaries must use FortiManager API parameters, not the ansible ones listed below. - If submitted, all other prefixed sub-parameters ARE IGNORED. - This object is MUTUALLY EXCLUSIVE with its options. - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS required: false method_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false url_access: description: - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! - List of multiple child objects to be added. Expects a list of dictionaries. - Dictionaries must use FortiManager API parameters, not the ansible ones listed below. - If submitted, all other prefixed sub-parameters ARE IGNORED. - This object is MUTUALLY EXCLUSIVE with its options. - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS required: false address_list: description: - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! - List of multiple child objects to be added. Expects a list of dictionaries. - Dictionaries must use FortiManager API parameters, not the ansible ones listed below. - If submitted, all other prefixed sub-parameters ARE IGNORED. - This object is MUTUALLY EXCLUSIVE with its options. - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS required: false extended_log: choices: - disable - enable description: - Enable/disable extended logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false method_status: choices: - disable - enable description: - Status. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false url_access_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false method_severity: choices: - low - medium - high description: - Severity. - choice | low | low severity - choice | medium | medium severity - choice | high | High severity required: false url_access_action: choices: - bypass - permit - block description: - Action. - choice | bypass | Allow the HTTP request, also bypass further WAF scanning. - choice | permit | Allow the HTTP request, and continue further WAF scanning. - choice | block | Block HTTP request. required: false url_access_address: description: - Host address. required: false address_list_status: choices: - disable - enable description: - Status. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false url_access_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false address_list_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false constraint_method_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_version_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_hostname_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false address_list_blocked_log: choices: - disable - enable description: - Enable/disable logging on blocked addresses. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_malformed_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_method_action: choices: - allow - block description: - Action. - choice | allow | Allow. - choice | block | Block. required: false constraint_method_status: choices: - disable - enable description: - Enable/disable the constraint. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false signature_main_class_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_max_cookie_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_version_action: choices: - allow - block description: - Action. - choice | allow | Allow. - choice | block | Block. required: false constraint_version_status: choices: - disable - enable description: - Enable/disable the constraint. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_exception_regex: choices: - disable - enable description: - Enable/disable regular expression based pattern match. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_hostname_action: choices: - allow - block description: - Action for a hostname constraint. - choice | allow | Allow. - choice | block | Block. required: false constraint_hostname_status: choices: - disable - enable description: - Enable/disable the constraint. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_line_length_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_method_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false method_method_policy_regex: choices: - disable - enable description: - Enable/disable regular expression based pattern match. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_exception_method: choices: - disable - enable description: - Enable/disable HTTP method check. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_malformed_action: choices: - allow - block description: - Action. - choice | allow | Allow. - choice | block | Block. required: false constraint_malformed_status: choices: - disable - enable description: - Enable/disable the constraint. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_param_length_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_version_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false signature_main_class_action: choices: - allow - block - erase description: - Action. - choice | allow | Allow. - choice | block | Block. - choice | erase | Erase credit card numbers. required: false signature_main_class_status: choices: - disable - enable description: - Status. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false address_list_blocked_address: description: - Blocked address. required: false address_list_trusted_address: description: - Trusted address. required: false constraint_exception_address: description: - Host address. required: false constraint_exception_pattern: description: - URL pattern. required: false constraint_exception_version: choices: - disable - enable description: - Enable/disable HTTP version check. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_header_length_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_hostname_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false constraint_max_cookie_action: choices: - allow - block description: - Action. - choice | allow | Allow. - choice | block | Block. required: false constraint_max_cookie_status: choices: - disable - enable description: - Enable/disable the constraint. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_max_url_param_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false method_method_policy_address: description: - Host address. required: false method_method_policy_pattern: description: - URL pattern. required: false signature_disabled_signature: description: - Disabled signatures required: false signature_disabled_sub_class: description: - Disabled signature subclasses. required: false constraint_content_length_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_exception_hostname: choices: - disable - enable description: - Enable/disable hostname check. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_line_length_action: choices: - allow - block description: - Action. - choice | allow | Allow. - choice | block | Block. required: false constraint_line_length_length: description: - Length of HTTP line in bytes (0 to 2147483647). required: false constraint_line_length_status: choices: - disable - enable description: - Enable/disable the constraint. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_malformed_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false signature_main_class_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false constraint_exception_malformed: choices: - disable - enable description: - Enable/disable malformed HTTP request check. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_max_cookie_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false constraint_max_header_line_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_param_length_action: choices: - allow - block description: - Action. - choice | allow | Allow. - choice | block | Block. required: false constraint_param_length_length: description: - Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647). required: false constraint_param_length_status: choices: - disable - enable description: - Enable/disable the constraint. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false method_default_allowed_methods: choices: - delete - get - head - options - post - put - trace - others - connect description: - Methods. - FLAG Based Options. Specify multiple in list form. - flag | delete | HTTP DELETE method. - flag | get | HTTP GET method. - flag | head | HTTP HEAD method. - flag | options | HTTP OPTIONS method. - flag | post | HTTP POST method. - flag | put | HTTP PUT method. - flag | trace | HTTP TRACE method. - flag | others | Other HTTP methods. - flag | connect | HTTP CONNECT method. required: false signature_custom_signature_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_exception_max_cookie: choices: - disable - enable description: - Maximum number of cookies in HTTP request. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_header_length_action: choices: - allow - block description: - Action. - choice | allow | Allow. - choice | block | Block. required: false constraint_header_length_length: description: - Length of HTTP header in bytes (0 to 2147483647). required: false constraint_header_length_status: choices: - disable - enable description: - Enable/disable the constraint. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_line_length_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false constraint_max_url_param_action: choices: - allow - block description: - Action. - choice | allow | Allow. - choice | block | Block. required: false constraint_max_url_param_status: choices: - disable - enable description: - Enable/disable the constraint. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_url_param_length_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false signature_custom_signature_name: description: - Signature name. required: false url_access_access_pattern_regex: choices: - disable - enable description: - Enable/disable regular expression based pattern match. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_content_length_action: choices: - allow - block description: - Action. - choice | allow | Allow. - choice | block | Block. required: false constraint_content_length_length: description: - Length of HTTP content in bytes (0 to 2147483647). required: false constraint_content_length_status: choices: - disable - enable description: - Enable/disable the constraint. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_exception_line_length: choices: - disable - enable description: - HTTP line length in request. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_max_cookie_max_cookie: description: - Maximum number of cookies in HTTP request (0 to 2147483647). required: false constraint_max_range_segment_log: choices: - disable - enable description: - Enable/disable logging. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_param_length_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false url_access_access_pattern_negate: choices: - disable - enable description: - Enable/disable match negation. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_exception_param_length: choices: - disable - enable description: - Maximum length of parameter in URL, HTTP POST request or HTTP body. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_header_length_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false constraint_max_header_line_action: choices: - allow - block description: - Action. - choice | allow | Allow. - choice | block | Block. required: false constraint_max_header_line_status: choices: - disable - enable description: - Enable/disable the constraint. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_max_url_param_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false signature_custom_signature_action: choices: - allow - block - erase description: - Action. - choice | allow | Allow. - choice | block | Block. - choice | erase | Erase credit card numbers. required: false signature_custom_signature_status: choices: - disable - enable description: - Status. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false signature_custom_signature_target: choices: - arg - arg-name - req-body - req-cookie - req-cookie-name - req-filename - req-header - req-header-name - req-raw-uri - req-uri - resp-body - resp-hdr - resp-status description: - Match HTTP target. - FLAG Based Options. Specify multiple in list form. - flag | arg | HTTP arguments. - flag | arg-name | Names of HTTP arguments. - flag | req-body | HTTP request body. - flag | req-cookie | HTTP request cookies. - flag | req-cookie-name | HTTP request cookie names. - flag | req-filename | HTTP request file name. - flag | req-header | HTTP request headers. - flag | req-header-name | HTTP request header names. - flag | req-raw-uri | Raw URI of HTTP request. - flag | req-uri | URI of HTTP request. - flag | resp-body | HTTP response body. - flag | resp-hdr | HTTP response headers. - flag | resp-status | HTTP response status. required: false url_access_access_pattern_pattern: description: - URL pattern. required: false url_access_access_pattern_srcaddr: description: - Source address. required: false constraint_content_length_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false constraint_exception_header_length: choices: - disable - enable description: - HTTP header length in request. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_exception_max_url_param: choices: - disable - enable description: - Maximum number of parameters in URL. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_url_param_length_action: choices: - allow - block description: - Action. - choice | allow | Allow. - choice | block | Block. required: false constraint_url_param_length_length: description: - Maximum length of URL parameter in bytes (0 to 2147483647). required: false constraint_url_param_length_status: choices: - disable - enable description: - Enable/disable the constraint. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false signature_custom_signature_pattern: description: - Match pattern. required: false constraint_exception_content_length: choices: - disable - enable description: - HTTP content length in request. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_max_header_line_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false constraint_max_range_segment_action: choices: - allow - block description: - Action. - choice | allow | Allow. - choice | block | Block. required: false constraint_max_range_segment_status: choices: - disable - enable description: - Enable/disable the constraint. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false signature_custom_signature_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false constraint_exception_max_header_line: choices: - disable - enable description: - Maximum number of HTTP header line. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_url_param_length_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false method_method_policy_allowed_methods: choices: - delete - get - head - options - post - put - trace - others - connect description: - Allowed Methods. - FLAG Based Options. Specify multiple in list form. - flag | delete | HTTP DELETE method. - flag | get | HTTP GET method. - flag | head | HTTP HEAD method. - flag | options | HTTP OPTIONS method. - flag | post | HTTP POST method. - flag | put | HTTP PUT method. - flag | trace | HTTP TRACE method. - flag | others | Other HTTP methods. - flag | connect | HTTP CONNECT method. required: false signature_custom_signature_direction: choices: - request - response description: - Traffic direction. - choice | request | Match HTTP request. - choice | response | Match HTTP response. required: false constraint_exception_url_param_length: choices: - disable - enable description: - Maximum length of parameter in URL. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_max_range_segment_severity: choices: - low - medium - high description: - Severity. - choice | low | Low severity. - choice | medium | Medium severity. - choice | high | High severity. required: false constraint_exception_max_range_segment: choices: - disable - enable description: - Maximum number of range segments in HTTP range line. - choice | disable | Disable setting. - choice | enable | Enable setting. required: false constraint_max_url_param_max_url_param: description: - Maximum number of parameters in URL (0 to 2147483647). required: false signature_credit_card_detection_threshold: description: - The minimum number of Credit cards to detect violation. required: false constraint_max_header_line_max_header_line: description: - Maximum number HTTP header lines (0 to 2147483647). required: false signature_custom_signature_case_sensitivity: choices: - disable - enable description: - Case sensitivity in pattern. - choice | disable | Case insensitive in pattern. - choice | enable | Case sensitive in pattern. required: false constraint_max_range_segment_max_range_segment: description: - Maximum number of range segments in HTTP range line (0 to 2147483647). required: false
api_result: description: full API response, includes status code and message returned: always type: str