drmofu.fortimanager.fmgr_waf_profile (2.2.2) — module
Web application firewall configuration.
Added in version 1.0.0 of drmofu.fortimanager
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with:

    ansible-galaxy collection install drmofu.fortimanager:==2.2.2

    collections:
      - name: drmofu.fortimanager
        version: 2.2.2

This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
    - name: Web application firewall configuration.
      fmgr_waf_profile:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: <value in [present, absent]>
        waf_profile:
          comment: <value of string>
          extended-log: <value in [disable, enable]>
          external: <value in [disable, enable]>
          name: <value of string>
          url-access:
            - access-pattern:
                - id: <value of integer>
                  negate: <value in [disable, enable]>
                  pattern: <value of string>
                  regex: <value in [disable, enable]>
                  srcaddr: <value of string>
              action: <value in [bypass, permit, block]>
              address: <value of string>
              id: <value of integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
          address-list:
            blocked-address: <value of string>
            blocked-log: <value in [disable, enable]>
            severity: <value in [low, medium, high]>
            status: <value in [disable, enable]>
            trusted-address: <value of string>
          constraint:
            content-length:
              action: <value in [allow, block]>
              length: <value of integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            exception:
              - address: <value of string>
                content-length: <value in [disable, enable]>
                header-length: <value in [disable, enable]>
                hostname: <value in [disable, enable]>
                id: <value of integer>
                line-length: <value in [disable, enable]>
                malformed: <value in [disable, enable]>
                max-cookie: <value in [disable, enable]>
                max-header-line: <value in [disable, enable]>
                max-range-segment: <value in [disable, enable]>
                max-url-param: <value in [disable, enable]>
                method: <value in [disable, enable]>
                param-length: <value in [disable, enable]>
                pattern: <value of string>
                regex: <value in [disable, enable]>
                url-param-length: <value in [disable, enable]>
                version: <value in [disable, enable]>
            header-length:
              action: <value in [allow, block]>
              length: <value of integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            hostname:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            line-length:
              action: <value in [allow, block]>
              length: <value of integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            malformed:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            max-cookie:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              max-cookie: <value of integer>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            max-header-line:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              max-header-line: <value of integer>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            max-range-segment:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              max-range-segment: <value of integer>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            max-url-param:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              max-url-param: <value of integer>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            method:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            param-length:
              action: <value in [allow, block]>
              length: <value of integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            url-param-length:
              action: <value in [allow, block]>
              length: <value of integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            version:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
          method:
            default-allowed-methods:
              - delete
              - get
              - head
              - options
              - post
              - put
              - trace
              - others
              - connect
            log: <value in [disable, enable]>
            method-policy:
              - address: <value of string>
                allowed-methods:
                  - delete
                  - get
                  - head
                  - options
                  - post
                  - put
                  - trace
                  - others
                  - connect
                id: <value of integer>
                pattern: <value of string>
                regex: <value in [disable, enable]>
            severity: <value in [low, medium, high]>
            status: <value in [disable, enable]>
          signature:
            credit-card-detection-threshold: <value of integer>
            custom-signature:
              - action: <value in [allow, block, erase]>
                case-sensitivity: <value in [disable, enable]>
                direction: <value in [request, response]>
                log: <value in [disable, enable]>
                name: <value of string>
                pattern: <value of string>
                severity: <value in [low, medium, high]>
                status: <value in [disable, enable]>
                target:
                  - arg
                  - arg-name
                  - req-body
                  - req-cookie
                  - req-cookie-name
                  - req-filename
                  - req-header
                  - req-header-name
                  - req-raw-uri
                  - req-uri
                  - resp-body
                  - resp-hdr
                  - resp-status
            disabled-signature: <value of string>
            disabled-sub-class: <value of string>
            main-class:
              action: <value in [allow, block, erase]>
              id: <value of integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>

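A filled-in version of the template above, as an added example rather than the collection's own documentation. It keeps TLS certificate validation on (the template sets ansible_httpapi_validate_certs: False, which leaves the API session unauthenticated at the transport layer) and enables a few constraints in blocking mode with logging. The ADOM, profile name and numeric limits are assumed values; credentials and the remaining connection settings are assumed to come from inventory.

```yaml
# Added example: values marked "assumed" are illustrative, not from the module docs.
- hosts: fortimanager-inventory
  connection: httpapi
  gather_facts: false
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # verify the FortiManager certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Baseline WAF profile with request limits and a method allow-list
      drmofu.fortimanager.fmgr_waf_profile:
        adom: root                         # assumed ADOM
        state: present
        waf_profile:
          name: waf-baseline               # assumed profile name
          comment: Request limits and method allow-list
          extended-log: enable
          constraint:
            malformed:                     # reject malformed HTTP requests
              status: enable
              action: block
              log: enable
              severity: high
            header-length:
              status: enable
              length: 8192                 # assumed limit, in bytes
              action: block
              log: enable
              severity: medium
            max-url-param:
              status: enable
              max-url-param: 16            # assumed limit
              action: block
              log: enable
              severity: medium
          method:
            status: enable
            log: enable
            severity: medium
            default-allowed-methods:       # anything not listed is not allowed
              - get
              - head
              - post
      register: waf_result

    # rc is the documented return code of the request; 0 is the documented sample.
    - name: Make the success condition explicit
      ansible.builtin.assert:
        that:
          - waf_result.rc == 0
```

Each constraint carries its own status, action and log keys, so a limit that is set but left at status: disable or action: allow does not block anything.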
adom (type: str, required: true): the parameter (adom) in requested url
state (type: str, required: true, choices: [present, absent]): The directive to create, update or delete an object.
rc_failed (type: list, elements: int, required: false): The rc codes list with which the conditions to fail will be overridden.
enable_log (type: bool, required: false, default: false): Enable/Disable logging for task.
waf_profile (type: dict, required: false): the top level parameters set
    address-list (type: dict, required: false): no description
        blocked-address (type: str): Blocked address.
        blocked-log (type: str, choices: [disable, enable]): Enable/disable logging on blocked addresses.
        severity (type: str, choices: [low, medium, high]): Severity.
        status (type: str, choices: [disable, enable]): Status.
        trusted-address (type: str): Trusted address.
    comment (type: str): Comment.
    constraint (type: dict, required: false): no description
        content-length (type: dict, required: false): no description
            action (type: str, choices: [allow, block]): Action.
            length (type: int): Length of HTTP content in bytes
            log (type: str, choices: [disable, enable]): Enable/disable logging.
            severity (type: str, choices: [low, medium, high]): Severity.
            status (type: str, choices: [disable, enable]): Enable/disable the constraint.
        exception (type: list, elements: dict): Exception.
            address (type: str): Host address.
            content-length (type: str, choices: [disable, enable]): HTTP content length in request.
            header-length (type: str, choices: [disable, enable]): HTTP header length in request.
            hostname (type: str, choices: [disable, enable]): Enable/disable hostname check.
            id (type: int): Exception ID.
            line-length (type: str, choices: [disable, enable]): HTTP line length in request.
            malformed (type: str, choices: [disable, enable]): Enable/disable malformed HTTP request check.
            max-cookie (type: str, choices: [disable, enable]): Maximum number of cookies in HTTP request.
            max-header-line (type: str, choices: [disable, enable]): Maximum number of HTTP header line.
            max-range-segment (type: str, choices: [disable, enable]): Maximum number of range segments in HTTP range line.
            max-url-param (type: str, choices: [disable, enable]): Maximum number of parameters in URL.
            method (type: str, choices: [disable, enable]): Enable/disable HTTP method check.
            param-length (type: str, choices: [disable, enable]): Maximum length of parameter in URL, HTTP POST request or HTTP body.
            pattern (type: str): URL pattern.
            regex (type: str, choices: [disable, enable]): Enable/disable regular expression based pattern match.
            url-param-length (type: str, choices: [disable, enable]): Maximum length of parameter in URL.
            version (type: str, choices: [disable, enable]): Enable/disable HTTP version check.
        header-length (type: dict, required: false): no description
            action (type: str, choices: [allow, block]): Action.
            length (type: int): Length of HTTP header in bytes
            log (type: str, choices: [disable, enable]): Enable/disable logging.
            severity (type: str, choices: [low, medium, high]): Severity.
            status (type: str, choices: [disable, enable]): Enable/disable the constraint.
        hostname (type: dict, required: false): no description
            action (type: str, choices: [allow, block]): Action.
            log (type: str, choices: [disable, enable]): Enable/disable logging.
            severity (type: str, choices: [low, medium, high]): Severity.
            status (type: str, choices: [disable, enable]): Enable/disable the constraint.
        line-length (type: dict, required: false): no description
            action (type: str, choices: [allow, block]): Action.
            length (type: int): Length of HTTP line in bytes
            log (type: str, choices: [disable, enable]): Enable/disable logging.
            severity (type: str, choices: [low, medium, high]): Severity.
            status (type: str, choices: [disable, enable]): Enable/disable the constraint.
        malformed (type: dict, required: false): no description
            action (type: str, choices: [allow, block]): Action.
            log (type: str, choices: [disable, enable]): Enable/disable logging.
            severity (type: str, choices: [low, medium, high]): Severity.
            status (type: str, choices: [disable, enable]): Enable/disable the constraint.
        max-cookie (type: dict, required: false): no description
            action (type: str, choices: [allow, block]): Action.
            log (type: str, choices: [disable, enable]): Enable/disable logging.
            max-cookie (type: int): Maximum number of cookies in HTTP request
            severity (type: str, choices: [low, medium, high]): Severity.
            status (type: str, choices: [disable, enable]): Enable/disable the constraint.
        max-header-line (type: dict, required: false): no description
            action (type: str, choices: [allow, block]): Action.
            log (type: str, choices: [disable, enable]): Enable/disable logging.
            max-header-line (type: int): Maximum number HTTP header lines
            severity (type: str, choices: [low, medium, high]): Severity.
            status (type: str, choices: [disable, enable]): Enable/disable the constraint.
        max-range-segment (type: dict, required: false): no description
            action (type: str, choices: [allow, block]): Action.
            log (type: str, choices: [disable, enable]): Enable/disable logging.
            max-range-segment (type: int): Maximum number of range segments in HTTP range line
            severity (type: str, choices: [low, medium, high]): Severity.
            status (type: str, choices: [disable, enable]): Enable/disable the constraint.
        max-url-param (type: dict, required: false): no description
            action (type: str, choices: [allow, block]): Action.
            log (type: str, choices: [disable, enable]): Enable/disable logging.
            max-url-param (type: int): Maximum number of parameters in URL
            severity (type: str, choices: [low, medium, high]): Severity.
            status (type: str, choices: [disable, enable]): Enable/disable the constraint.
        method (type: dict, required: false): no description
            action (type: str, choices: [allow, block]): Action.
            log (type: str, choices: [disable, enable]): Enable/disable logging.
            severity (type: str, choices: [low, medium, high]): Severity.
            status (type: str, choices: [disable, enable]): Enable/disable the constraint.
        param-length (type: dict, required: false): no description
            action (type: str, choices: [allow, block]): Action.
            length (type: int): Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes
            log (type: str, choices: [disable, enable]): Enable/disable logging.
            severity (type: str, choices: [low, medium, high]): Severity.
            status (type: str, choices: [disable, enable]): Enable/disable the constraint.
        url-param-length (type: dict, required: false): no description
            action (type: str, choices: [allow, block]): Action.
            length (type: int): Maximum length of URL parameter in bytes
            log (type: str, choices: [disable, enable]): Enable/disable logging.
            severity (type: str, choices: [low, medium, high]): Severity.
            status (type: str, choices: [disable, enable]): Enable/disable the constraint.
        version (type: dict, required: false): no description
            action (type: str, choices: [allow, block]): Action.
            log (type: str, choices: [disable, enable]): Enable/disable logging.
            severity (type: str, choices: [low, medium, high]): Severity.
            status (type: str, choices: [disable, enable]): Enable/disable the constraint.
    extended-log (type: str, choices: [disable, enable]): Enable/disable extended logging.
    external (type: str, choices: [disable, enable]): Disable/Enable external HTTP Inspection.
    method (type: dict, required: false): no description
        default-allowed-methods (type: list, elements: str, choices: [delete, get, head, options, post, put, trace, others, connect]): Methods.
        log (type: str, choices: [disable, enable]): Enable/disable logging.
        method-policy (type: list, elements: dict): Method-Policy.
            address (type: str): Host address.
            allowed-methods (type: list, elements: str, choices: [delete, get, head, options, post, put, trace, others, connect]): Allowed Methods.
            id (type: int): HTTP method policy ID.
            pattern (type: str): URL pattern.
            regex (type: str, choices: [disable, enable]): Enable/disable regular expression based pattern match.
        severity (type: str, choices: [low, medium, high]): Severity.
        status (type: str, choices: [disable, enable]): Status.
    name (type: str): WAF Profile name.
    signature (type: dict, required: false): no description
        credit-card-detection-threshold (type: int): The minimum number of Credit cards to detect violation.
        custom-signature (type: list, elements: dict): Custom-Signature.
            action (type: str, choices: [allow, block, erase]): Action.
            case-sensitivity (type: str, choices: [disable, enable]): Case sensitivity in pattern.
            direction (type: str, choices: [request, response]): Traffic direction.
            log (type: str, choices: [disable, enable]): Enable/disable logging.
            name (type: str): Signature name.
            pattern (type: str): Match pattern.
            severity (type: str, choices: [low, medium, high]): Severity.
            status (type: str, choices: [disable, enable]): Status.
            target (type: list, elements: str, choices: [arg, arg-name, req-body, req-cookie, req-cookie-name, req-filename, req-header, req-header-name, req-raw-uri, req-uri, resp-body, resp-hdr, resp-status]): Match HTTP target.
        disabled-signature (type: str): Disabled signatures
        disabled-sub-class (type: str): Disabled signature subclasses.
        main-class (type: dict, required: false): no description
            action (type: str, choices: [allow, block, erase]): Action.
            id (type: int): Main signature class ID.
            log (type: str, choices: [disable, enable]): Enable/disable logging.
            severity (type: str, choices: [low, medium, high]): Severity.
            status (type: str, choices: [disable, enable]): Status.
    url-access (type: list, elements: dict): Url-Access.
        access-pattern (type: list, elements: dict): Access-Pattern.
            id (type: int): URL access pattern ID.
            negate (type: str, choices: [disable, enable]): Enable/disable match negation.
            pattern (type: str): URL pattern.
            regex (type: str, choices: [disable, enable]): Enable/disable regular expression based pattern match.
            srcaddr (type: str): Source address.
        action (type: str, choices: [bypass, permit, block]): Action.
        address (type: str): Host address.
        id (type: int): URL access ID.
        log (type: str, choices: [disable, enable]): Enable/disable logging.
        severity (type: str, choices: [low, medium, high]): Severity.
access_token (type: str, required: false): The token to access FortiManager without using username and password.
rc_succeeded (type: list, elements: int, required: false): The rc codes list with which the conditions to succeed will be overridden.
proposed_method (type: str, required: false, choices: [update, set, add]): The overridden method for the underlying Json RPC request.
bypass_validation (type: bool, required: false, default: false): Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters.
workspace_locking_adom (type: str, required: false): The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.
forticloud_access_token (type: str, required: false): Authenticate Ansible client with forticloud API access token.
workspace_locking_timeout (type: int, required: false, default: 300): The maximum time in seconds to wait for other user to release the workspace lock.

meta (type: dict, returned: always): The result of the request.
    request_url (type: str, returned: always, sample: /sys/login/user): The full url requested.
    response_code (type: int, returned: always, sample: 0): The status of api request.
    response_data (type: list, returned: always): The api response.
    response_message (type: str, returned: always, sample: OK.): The descriptive message of the api response.
    system_information (type: dict, returned: always): The information of the target system.
rc (type: int, returned: always, sample: 0): The status of the request.
version_check_warning (type: list, returned: complex): Warning if the parameters used in the playbook are not supported by the current FortiManager version.