Try SpotterFortiManager web application firewall security profile
Authors: Luke Weighall (@lweighall), Andrew Welsh (@Ghilli3), Jim Huber (@p4r4n0y1ng)
preview | supported by community
Install with ansible-galaxy collection install community.general:==0.1.1
collections:
- name: community.general
version: 0.1.1Manage web application firewall security profiles for FGTs via FMG
- name: DELETE Profile
fmgr_secprof_waf:
name: "Ansible_WAF_Profile"
comment: "Created by Ansible Module TEST"
mode: "delete"
- name: CREATE Profile
fmgr_secprof_waf:
name: "Ansible_WAF_Profile"
comment: "Created by Ansible Module TEST"
mode: "set"
adom:
default: root
description:
- The ADOM the configuration should belong to.
required: false
mode:
choices:
- add
- set
- delete
- update
default: add
description:
- Sets one of three modes for managing the object.
- Allows use of soft-adds instead of overwriting existing values
required: false
name:
description:
- WAF Profile name.
required: false
method:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging
the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
TASKS
required: false
comment:
description:
- Comment.
required: false
external:
choices:
- disable
- enable
description:
- Disable/Enable external HTTP Inspection.
- choice | disable | Disable external inspection.
- choice | enable | Enable external inspection.
required: false
signature:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging
the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
TASKS
required: false
constraint:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging
the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
TASKS
required: false
method_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
url_access:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging
the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
TASKS
required: false
address_list:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging
the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE
TASKS
required: false
extended_log:
choices:
- disable
- enable
description:
- Enable/disable extended logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
method_status:
choices:
- disable
- enable
description:
- Status.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
url_access_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
method_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | low severity
- choice | medium | medium severity
- choice | high | High severity
required: false
url_access_action:
choices:
- bypass
- permit
- block
description:
- Action.
- choice | bypass | Allow the HTTP request, also bypass further WAF scanning.
- choice | permit | Allow the HTTP request, and continue further WAF scanning.
- choice | block | Block HTTP request.
required: false
url_access_address:
description:
- Host address.
required: false
address_list_status:
choices:
- disable
- enable
description:
- Status.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
url_access_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
address_list_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
constraint_method_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_version_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_hostname_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
address_list_blocked_log:
choices:
- disable
- enable
description:
- Enable/disable logging on blocked addresses.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_malformed_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_method_action:
choices:
- allow
- block
description:
- Action.
- choice | allow | Allow.
- choice | block | Block.
required: false
constraint_method_status:
choices:
- disable
- enable
description:
- Enable/disable the constraint.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
signature_main_class_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_max_cookie_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_version_action:
choices:
- allow
- block
description:
- Action.
- choice | allow | Allow.
- choice | block | Block.
required: false
constraint_version_status:
choices:
- disable
- enable
description:
- Enable/disable the constraint.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_exception_regex:
choices:
- disable
- enable
description:
- Enable/disable regular expression based pattern match.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_hostname_action:
choices:
- allow
- block
description:
- Action for a hostname constraint.
- choice | allow | Allow.
- choice | block | Block.
required: false
constraint_hostname_status:
choices:
- disable
- enable
description:
- Enable/disable the constraint.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_line_length_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_method_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
method_method_policy_regex:
choices:
- disable
- enable
description:
- Enable/disable regular expression based pattern match.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_exception_method:
choices:
- disable
- enable
description:
- Enable/disable HTTP method check.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_malformed_action:
choices:
- allow
- block
description:
- Action.
- choice | allow | Allow.
- choice | block | Block.
required: false
constraint_malformed_status:
choices:
- disable
- enable
description:
- Enable/disable the constraint.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_param_length_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_version_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
signature_main_class_action:
choices:
- allow
- block
- erase
description:
- Action.
- choice | allow | Allow.
- choice | block | Block.
- choice | erase | Erase credit card numbers.
required: false
signature_main_class_status:
choices:
- disable
- enable
description:
- Status.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
address_list_blocked_address:
description:
- Blocked address.
required: false
address_list_trusted_address:
description:
- Trusted address.
required: false
constraint_exception_address:
description:
- Host address.
required: false
constraint_exception_pattern:
description:
- URL pattern.
required: false
constraint_exception_version:
choices:
- disable
- enable
description:
- Enable/disable HTTP version check.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_header_length_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_hostname_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
constraint_max_cookie_action:
choices:
- allow
- block
description:
- Action.
- choice | allow | Allow.
- choice | block | Block.
required: false
constraint_max_cookie_status:
choices:
- disable
- enable
description:
- Enable/disable the constraint.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_max_url_param_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
method_method_policy_address:
description:
- Host address.
required: false
method_method_policy_pattern:
description:
- URL pattern.
required: false
signature_disabled_signature:
description:
- Disabled signatures
required: false
signature_disabled_sub_class:
description:
- Disabled signature subclasses.
required: false
constraint_content_length_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_exception_hostname:
choices:
- disable
- enable
description:
- Enable/disable hostname check.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_line_length_action:
choices:
- allow
- block
description:
- Action.
- choice | allow | Allow.
- choice | block | Block.
required: false
constraint_line_length_length:
description:
- Length of HTTP line in bytes (0 to 2147483647).
required: false
constraint_line_length_status:
choices:
- disable
- enable
description:
- Enable/disable the constraint.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_malformed_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
signature_main_class_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
constraint_exception_malformed:
choices:
- disable
- enable
description:
- Enable/disable malformed HTTP request check.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_max_cookie_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
constraint_max_header_line_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_param_length_action:
choices:
- allow
- block
description:
- Action.
- choice | allow | Allow.
- choice | block | Block.
required: false
constraint_param_length_length:
description:
- Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to
2147483647).
required: false
constraint_param_length_status:
choices:
- disable
- enable
description:
- Enable/disable the constraint.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
method_default_allowed_methods:
choices:
- delete
- get
- head
- options
- post
- put
- trace
- others
- connect
description:
- Methods.
- FLAG Based Options. Specify multiple in list form.
- flag | delete | HTTP DELETE method.
- flag | get | HTTP GET method.
- flag | head | HTTP HEAD method.
- flag | options | HTTP OPTIONS method.
- flag | post | HTTP POST method.
- flag | put | HTTP PUT method.
- flag | trace | HTTP TRACE method.
- flag | others | Other HTTP methods.
- flag | connect | HTTP CONNECT method.
required: false
signature_custom_signature_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_exception_max_cookie:
choices:
- disable
- enable
description:
- Maximum number of cookies in HTTP request.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_header_length_action:
choices:
- allow
- block
description:
- Action.
- choice | allow | Allow.
- choice | block | Block.
required: false
constraint_header_length_length:
description:
- Length of HTTP header in bytes (0 to 2147483647).
required: false
constraint_header_length_status:
choices:
- disable
- enable
description:
- Enable/disable the constraint.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_line_length_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
constraint_max_url_param_action:
choices:
- allow
- block
description:
- Action.
- choice | allow | Allow.
- choice | block | Block.
required: false
constraint_max_url_param_status:
choices:
- disable
- enable
description:
- Enable/disable the constraint.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_url_param_length_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
signature_custom_signature_name:
description:
- Signature name.
required: false
url_access_access_pattern_regex:
choices:
- disable
- enable
description:
- Enable/disable regular expression based pattern match.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_content_length_action:
choices:
- allow
- block
description:
- Action.
- choice | allow | Allow.
- choice | block | Block.
required: false
constraint_content_length_length:
description:
- Length of HTTP content in bytes (0 to 2147483647).
required: false
constraint_content_length_status:
choices:
- disable
- enable
description:
- Enable/disable the constraint.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_exception_line_length:
choices:
- disable
- enable
description:
- HTTP line length in request.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_max_cookie_max_cookie:
description:
- Maximum number of cookies in HTTP request (0 to 2147483647).
required: false
constraint_max_range_segment_log:
choices:
- disable
- enable
description:
- Enable/disable logging.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_param_length_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
url_access_access_pattern_negate:
choices:
- disable
- enable
description:
- Enable/disable match negation.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_exception_param_length:
choices:
- disable
- enable
description:
- Maximum length of parameter in URL, HTTP POST request or HTTP body.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_header_length_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
constraint_max_header_line_action:
choices:
- allow
- block
description:
- Action.
- choice | allow | Allow.
- choice | block | Block.
required: false
constraint_max_header_line_status:
choices:
- disable
- enable
description:
- Enable/disable the constraint.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_max_url_param_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
signature_custom_signature_action:
choices:
- allow
- block
- erase
description:
- Action.
- choice | allow | Allow.
- choice | block | Block.
- choice | erase | Erase credit card numbers.
required: false
signature_custom_signature_status:
choices:
- disable
- enable
description:
- Status.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
signature_custom_signature_target:
choices:
- arg
- arg-name
- req-body
- req-cookie
- req-cookie-name
- req-filename
- req-header
- req-header-name
- req-raw-uri
- req-uri
- resp-body
- resp-hdr
- resp-status
description:
- Match HTTP target.
- FLAG Based Options. Specify multiple in list form.
- flag | arg | HTTP arguments.
- flag | arg-name | Names of HTTP arguments.
- flag | req-body | HTTP request body.
- flag | req-cookie | HTTP request cookies.
- flag | req-cookie-name | HTTP request cookie names.
- flag | req-filename | HTTP request file name.
- flag | req-header | HTTP request headers.
- flag | req-header-name | HTTP request header names.
- flag | req-raw-uri | Raw URI of HTTP request.
- flag | req-uri | URI of HTTP request.
- flag | resp-body | HTTP response body.
- flag | resp-hdr | HTTP response headers.
- flag | resp-status | HTTP response status.
required: false
url_access_access_pattern_pattern:
description:
- URL pattern.
required: false
url_access_access_pattern_srcaddr:
description:
- Source address.
required: false
constraint_content_length_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
constraint_exception_header_length:
choices:
- disable
- enable
description:
- HTTP header length in request.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_exception_max_url_param:
choices:
- disable
- enable
description:
- Maximum number of parameters in URL.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_url_param_length_action:
choices:
- allow
- block
description:
- Action.
- choice | allow | Allow.
- choice | block | Block.
required: false
constraint_url_param_length_length:
description:
- Maximum length of URL parameter in bytes (0 to 2147483647).
required: false
constraint_url_param_length_status:
choices:
- disable
- enable
description:
- Enable/disable the constraint.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
signature_custom_signature_pattern:
description:
- Match pattern.
required: false
constraint_exception_content_length:
choices:
- disable
- enable
description:
- HTTP content length in request.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_max_header_line_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
constraint_max_range_segment_action:
choices:
- allow
- block
description:
- Action.
- choice | allow | Allow.
- choice | block | Block.
required: false
constraint_max_range_segment_status:
choices:
- disable
- enable
description:
- Enable/disable the constraint.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
signature_custom_signature_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
constraint_exception_max_header_line:
choices:
- disable
- enable
description:
- Maximum number of HTTP header line.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_url_param_length_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
method_method_policy_allowed_methods:
choices:
- delete
- get
- head
- options
- post
- put
- trace
- others
- connect
description:
- Allowed Methods.
- FLAG Based Options. Specify multiple in list form.
- flag | delete | HTTP DELETE method.
- flag | get | HTTP GET method.
- flag | head | HTTP HEAD method.
- flag | options | HTTP OPTIONS method.
- flag | post | HTTP POST method.
- flag | put | HTTP PUT method.
- flag | trace | HTTP TRACE method.
- flag | others | Other HTTP methods.
- flag | connect | HTTP CONNECT method.
required: false
signature_custom_signature_direction:
choices:
- request
- response
description:
- Traffic direction.
- choice | request | Match HTTP request.
- choice | response | Match HTTP response.
required: false
constraint_exception_url_param_length:
choices:
- disable
- enable
description:
- Maximum length of parameter in URL.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_max_range_segment_severity:
choices:
- low
- medium
- high
description:
- Severity.
- choice | low | Low severity.
- choice | medium | Medium severity.
- choice | high | High severity.
required: false
constraint_exception_max_range_segment:
choices:
- disable
- enable
description:
- Maximum number of range segments in HTTP range line.
- choice | disable | Disable setting.
- choice | enable | Enable setting.
required: false
constraint_max_url_param_max_url_param:
description:
- Maximum number of parameters in URL (0 to 2147483647).
required: false
signature_credit_card_detection_threshold:
description:
- The minimum number of Credit cards to detect violation.
required: false
constraint_max_header_line_max_header_line:
description:
- Maximum number HTTP header lines (0 to 2147483647).
required: false
signature_custom_signature_case_sensitivity:
choices:
- disable
- enable
description:
- Case sensitivity in pattern.
- choice | disable | Case insensitive in pattern.
- choice | enable | Case sensitive in pattern.
required: false
constraint_max_range_segment_max_range_segment:
description:
- Maximum number of range segments in HTTP range line (0 to 2147483647).
required: false
api_result: description: full API response, includes status code and message returned: always type: str