drmofu.fortimanager.fmgr_webfilter_profile (2.2.2) — module
Configure Web filter profiles.
Added in version 1.0.0 of drmofu.fortimanager.
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with:
ansible-galaxy collection install drmofu.fortimanager:==2.2.2

collections:
  - name: drmofu.fortimanager
    version: 2.2.2

This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    # False skips TLS certificate verification of the FortiManager API;
    # set True once the device presents a trusted certificate.
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
    - name: Configure Web filter profiles.
      fmgr_webfilter_profile:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: <value in [present, absent]>
        webfilter_profile:
          comment: <value of string>
          extended-log: <value in [disable, enable]>
          https-replacemsg: <value in [disable, enable]>
          inspection-mode: <value in [proxy, flow-based, dns]>
          log-all-url: <value in [disable, enable]>
          name: <value of string>
          options:
            - block-invalid-url
            - jscript
            - js
            - vbs
            - unknown
            - wf-referer
            - https-scan
            - intrinsic
            - wf-cookie
            - per-user-bwl
            - activexfilter
            - cookiefilter
            - https-url-scan
            - javafilter
            - rangeblock
            - contenttype-check
            - per-user-bal
          ovrd-perm:
            - bannedword-override
            - urlfilter-override
            - fortiguard-wf-override
            - contenttype-check-override
          post-action: <value in [normal, comfort, block]>
          replacemsg-group: <value of string>
          web-content-log: <value in [disable, enable]>
          web-extended-all-action-log: <value in [disable, enable]>
          web-filter-activex-log: <value in [disable, enable]>
          web-filter-applet-log: <value in [disable, enable]>
          web-filter-command-block-log: <value in [disable, enable]>
          web-filter-cookie-log: <value in [disable, enable]>
          web-filter-cookie-removal-log: <value in [disable, enable]>
          web-filter-js-log: <value in [disable, enable]>
          web-filter-jscript-log: <value in [disable, enable]>
          web-filter-referer-log: <value in [disable, enable]>
          web-filter-unknown-log: <value in [disable, enable]>
          web-filter-vbs-log: <value in [disable, enable]>
          web-ftgd-err-log: <value in [disable, enable]>
          web-ftgd-quota-usage: <value in [disable, enable]>
          web-invalid-domain-log: <value in [disable, enable]>
          web-url-log: <value in [disable, enable]>
          wisp: <value in [disable, enable]>
          wisp-algorithm: <value in [auto-learning, primary-secondary, round-robin]>
          wisp-servers: <value of string>
          youtube-channel-filter:
            - channel-id: <value of string>
              comment: <value of string>
              id: <value of integer>
          youtube-channel-status: <value in [disable, blacklist, whitelist]>
          feature-set: <value in [proxy, flow]>
          web-antiphishing-log: <value in [disable, enable]>
          antiphish:
            check-basic-auth: <value in [disable, enable]>
            check-uri: <value in [disable, enable]>
            check-username-only: <value in [disable, enable]>
            custom-patterns:
              - category: <value in [username, password]>
                pattern: <value of string>
                type: <value in [regex, literal]>
            default-action: <value in [log, block, exempt]>
            domain-controller: <value of string>
            inspection-entries:
              - action: <value in [log, block, exempt]>
                fortiguard-category: <value of string>
                name: <value of string>
            max-body-len: <value of integer>
            status: <value in [disable, enable]>
            authentication: <value in [domain-controller, ldap]>
            ldap: <value of string>
          ftgd-wf:
            exempt-quota: <value of string>
            filters:
              - action: <value in [block, monitor, warning, ...]>
                auth-usr-grp: <value of string>
                category: <value of string>
                id: <value of integer>
                log: <value in [disable, enable]>
                override-replacemsg: <value of string>
                warn-duration: <value of string>
                warning-duration-type: <value in [session, timeout]>
                warning-prompt: <value in [per-domain, per-category]>
            max-quota-timeout: <value of integer>
            options:
              - error-allow
              - http-err-detail
              - rate-image-urls
              - strict-blocking
              - rate-server-ip
              - redir-block
              - connect-request-bypass
              - log-all-url
              - ftgd-disable
            ovrd: <value of string>
            quota:
              - category: <value of string>
                duration: <value of string>
                id: <value of integer>
                override-replacemsg: <value of string>
                type: <value in [time, traffic]>
                unit: <value in [B, KB, MB, ...]>
                value: <value of integer>
            rate-crl-urls: <value in [disable, enable]>
            rate-css-urls: <value in [disable, enable]>
            rate-image-urls: <value in [disable, enable]>
            rate-javascript-urls: <value in [disable, enable]>
            category-override: <value of string>
          override:
            ovrd-cookie: <value in [deny, allow]>
            ovrd-dur: <value of string>
            ovrd-dur-mode: <value in [constant, ask]>
            ovrd-scope: <value in [user, user-group, ip, ...]>
            ovrd-user-group: <value of string>
            profile: <value of string>
            profile-attribute: <value in [User-Name, User-Password, CHAP-Password, ...]>
            profile-type: <value in [list, radius]>
          url-extraction:
            redirect-header: <value of string>
            redirect-no-content: <value in [disable, enable]>
            redirect-url: <value of string>
            server-fqdn: <value of string>
            status: <value in [disable, enable]>
          web:
            blacklist: <value in [disable, enable]>
            bword-table: <value of string>
            bword-threshold: <value of integer>
            content-header-list: <value of string>
            keyword-match: <value of string>
            log-search: <value in [disable, enable]>
            safe-search:
              - google
              - yahoo
              - bing
              - url
              - header
            urlfilter-table: <value of string>
            whitelist:
              - exempt-av
              - exempt-webcontent
              - exempt-activex-java-cookie
              - exempt-dlp
              - exempt-rangeblock
              - extended-log-others
            youtube-restrict: <value in [strict, none, moderate]>
            allowlist:
              - exempt-av
              - exempt-webcontent
              - exempt-activex-java-cookie
              - exempt-dlp
              - exempt-rangeblock
              - extended-log-others
            blocklist: <value in [disable, enable]>
            vimeo-restrict: <value of string>
          file-filter:
            entries:
              - action: <value in [log, block]>
                comment: <value of string>
                direction: <value in [any, incoming, outgoing]>
                encryption: <value in [any, yes]>
                file-type: <value of string>
                filter: <value of string>
                password-protected: <value in [any, yes]>
                protocol:
                  - http
                  - ftp
            log: <value in [disable, enable]>
            scan-archive-contents: <value in [disable, enable]>
            status: <value in [disable, enable]>

adom:
  description: the parameter (adom) in requested url
  required: true
  type: str
state:
  choices:
    - present
    - absent
  description: The directive to create, update or delete an object.
  required: true
  type: str
rc_failed:
  description: The rc codes list with which the conditions to fail will be overridden.
  elements: int
  required: false
  type: list
enable_log:
  default: false
  description: Enable/Disable logging for task.
  required: false
  type: bool
access_token:
  description: The token to access FortiManager without using username and password.
  required: false
  type: str
rc_succeeded:
  description: The rc codes list with which the conditions to succeed will be overridden.
  elements: int
  required: false
  type: list
proposed_method:
  choices:
    - update
    - set
    - add
  description: The overridden method for the underlying Json RPC request.
  required: false
  type: str
bypass_validation:
  default: false
  description: Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.
  required: false
  type: bool
webfilter_profile:
  description: the top level parameters set
  required: false
  suboptions:
    antiphish:
      description: no description
      required: false
      suboptions:
        authentication:
          choices:
            - domain-controller
            - ldap
          description: Authentication methods.
          type: str
        check-basic-auth:
          choices:
            - disable
            - enable
          description: Enable/disable checking of HTTP Basic Auth field for known credentials.
          type: str
        check-uri:
          choices:
            - disable
            - enable
          description: Enable/disable checking of GET URI parameters for known credentials.
          type: str
        check-username-only:
          choices:
            - disable
            - enable
          description: Enable/disable acting only on valid username credentials.
          type: str
        custom-patterns:
          description: Custom-Patterns.
          elements: dict
          suboptions:
            category:
              choices:
                - username
                - password
              description: Category that the pattern matches.
              type: str
            pattern:
              description: Target pattern.
              type: str
            type:
              choices:
                - regex
                - literal
              description: Pattern will be treated either as a regex pattern or literal string.
              type: str
          type: list
        default-action:
          choices:
            - log
            - block
            - exempt
          description: Action to be taken when there is no matching rule.
          type: str
        domain-controller:
          description: Domain for which to verify received credentials against.
          type: str
        inspection-entries:
          description: Inspection-Entries.
          elements: dict
          suboptions:
            action:
              choices:
                - log
                - block
                - exempt
              description: Action to be taken upon an AntiPhishing match.
              type: str
            fortiguard-category:
              description: FortiGuard category to match.
              type: str
            name:
              description: Inspection target name.
              type: str
          type: list
        ldap:
          description: LDAP server for which to verify received credentials against.
          type: str
        max-body-len:
          description: Maximum size of a POST body to check for credentials.
          type: int
        status:
          choices:
            - disable
            - enable
          description: Toggle AntiPhishing functionality.
          type: str
      type: dict
    comment:
      description: Optional comments.
      type: str
    extended-log:
      choices:
        - disable
        - enable
      description: Enable/disable extended logging for web filtering.
      type: str
    feature-set:
      choices:
        - proxy
        - flow
      description: Flow/proxy feature set.
      type: str
    file-filter:
      description: no description
      required: false
      suboptions:
        entries:
          description: description
          elements: dict
          suboptions:
            action:
              choices:
                - log
                - block
              description: Action taken for matched file.
              type: str
            comment:
              description: Comment.
              type: str
            direction:
              choices:
                - any
                - incoming
                - outgoing
              description: Match files transmitted in the sessions originating or reply direction.
              type: str
            encryption:
              choices:
                - any
                - 'yes'
              description: no description
              type: str
            file-type:
              description: description
              type: str
            filter:
              description: Add a file filter.
              type: str
            password-protected:
              choices:
                - any
                - 'yes'
              description: Match password-protected files.
              type: str
            protocol:
              choices:
                - http
                - ftp
              description: description
              elements: str
              type: list
          type: list
        log:
          choices:
            - disable
            - enable
          description: Enable/disable file filter logging.
          type: str
        scan-archive-contents:
          choices:
            - disable
            - enable
          description: Enable/disable file filter archive contents scan.
          type: str
        status:
          choices:
            - disable
            - enable
          description: Enable/disable file filter.
          type: str
      type: dict
    ftgd-wf:
      description: no description
      required: false
      suboptions:
        category-override:
          description: Local categories take precedence over FortiGuard categories.
          type: str
        exempt-quota:
          description: Do not stop quota for these categories.
          type: str
        filters:
          description: Filters.
          elements: dict
          suboptions:
            action:
              choices:
                - block
                - monitor
                - warning
                - authenticate
              description: Action to take for matches.
              type: str
            auth-usr-grp:
              description: Groups with permission to authenticate.
              type: str
            category:
              description: Categories and groups the filter examines.
              type: str
            id:
              description: ID number.
              type: int
            log:
              choices:
                - disable
                - enable
              description: Enable/disable logging.
              type: str
            override-replacemsg:
              description: Override replacement message.
              type: str
            warn-duration:
              description: Duration of warnings.
              type: str
            warning-duration-type:
              choices:
                - session
                - timeout
              description: Re-display warning after closing browser or after a timeout.
              type: str
            warning-prompt:
              choices:
                - per-domain
                - per-category
              description: Warning prompts in each category or each domain.
              type: str
          type: list
        max-quota-timeout:
          description: Maximum FortiGuard quota used by single page view in seconds
          type: int
        options:
          choices:
            - error-allow
            - http-err-detail
            - rate-image-urls
            - strict-blocking
            - rate-server-ip
            - redir-block
            - connect-request-bypass
            - log-all-url
            - ftgd-disable
          description: Options for FortiGuard Web Filter.
          elements: str
          type: list
        ovrd:
          description: Allow web filter profile overrides.
          type: str
        quota:
          description: Quota.
          elements: dict
          suboptions:
            category:
              description: FortiGuard categories to apply quota to
              type: str
            duration:
              description: Duration of quota.
              type: str
            id:
              description: ID number.
              type: int
            override-replacemsg:
              description: Override replacement message.
              type: str
            type:
              choices:
                - time
                - traffic
              description: Quota type.
              type: str
            unit:
              choices:
                - B
                - KB
                - MB
                - GB
              description: Traffic quota unit of measurement.
              type: str
            value:
              description: Traffic quota value.
              type: int
          type: list
        rate-crl-urls:
          choices:
            - disable
            - enable
          description: Enable/disable rating CRL by URL.
          type: str
        rate-css-urls:
          choices:
            - disable
            - enable
          description: Enable/disable rating CSS by URL.
          type: str
        rate-image-urls:
          choices:
            - disable
            - enable
          description: Enable/disable rating images by URL.
          type: str
        rate-javascript-urls:
          choices:
            - disable
            - enable
          description: Enable/disable rating JavaScript by URL.
          type: str
      type: dict
    https-replacemsg:
      choices:
        - disable
        - enable
      description: Enable replacement messages for HTTPS.
      type: str
    inspection-mode:
      choices:
        - proxy
        - flow-based
        - dns
      description: Web filtering inspection mode.
      type: str
    log-all-url:
      choices:
        - disable
        - enable
      description: Enable/disable logging all URLs visited.
      type: str
    name:
      description: Profile name.
      type: str
    options:
      choices:
        - block-invalid-url
        - jscript
        - js
        - vbs
        - unknown
        - wf-referer
        - https-scan
        - intrinsic
        - wf-cookie
        - per-user-bwl
        - activexfilter
        - cookiefilter
        - https-url-scan
        - javafilter
        - rangeblock
        - contenttype-check
        - per-user-bal
      description: Options.
      elements: str
      type: list
    override:
      description: no description
      required: false
      suboptions:
        ovrd-cookie:
          choices:
            - deny
            - allow
          description: Allow/deny browser-based
          type: str
        ovrd-dur:
          description: Override duration.
          type: str
        ovrd-dur-mode:
          choices:
            - constant
            - ask
          description: Override duration mode.
          type: str
        ovrd-scope:
          choices:
            - user
            - user-group
            - ip
            - ask
            - browser
          description: Override scope.
          type: str
        ovrd-user-group:
          description: User groups with permission to use the override.
          type: str
        profile:
          description: Web filter profile with permission to create overrides.
          type: str
        profile-attribute:
          choices:
            - User-Name
            - User-Password
            - CHAP-Password
            - NAS-IP-Address
            - NAS-Port
            - Service-Type
            - Framed-Protocol
            - Framed-IP-Address
            - Framed-IP-Netmask
            - Framed-Routing
            - Filter-Id
            - Framed-MTU
            - Framed-Compression
            - Login-IP-Host
            - Login-Service
            - Login-TCP-Port
            - Reply-Message
            - Callback-Number
            - Callback-Id
            - Framed-Route
            - Framed-IPX-Network
            - State
            - Class
            - Vendor-Specific
            - Session-Timeout
            - Idle-Timeout
            - Termination-Action
            - Called-Station-Id
            - Calling-Station-Id
            - NAS-Identifier
            - Proxy-State
            - Login-LAT-Service
            - Login-LAT-Node
            - Login-LAT-Group
            - Framed-AppleTalk-Link
            - Framed-AppleTalk-Network
            - Framed-AppleTalk-Zone
            - Acct-Status-Type
            - Acct-Delay-Time
            - Acct-Input-Octets
            - Acct-Output-Octets
            - Acct-Session-Id
            - Acct-Authentic
            - Acct-Session-Time
            - Acct-Input-Packets
            - Acct-Output-Packets
            - Acct-Terminate-Cause
            - Acct-Multi-Session-Id
            - Acct-Link-Count
            - CHAP-Challenge
            - NAS-Port-Type
            - Port-Limit
            - Login-LAT-Port
          description: Profile attribute to retrieve from the RADIUS server.
          type: str
        profile-type:
          choices:
            - list
            - radius
          description: Override profile type.
          type: str
      type: dict
    ovrd-perm:
      choices:
        - bannedword-override
        - urlfilter-override
        - fortiguard-wf-override
        - contenttype-check-override
      description: Permitted override types.
      elements: str
      type: list
    post-action:
      choices:
        - normal
        - comfort
        - block
      description: Action taken for HTTP POST traffic.
      type: str
    replacemsg-group:
      description: Replacement message group.
      type: str
    url-extraction:
      description: no description
      required: false
      suboptions:
        redirect-header:
          description: HTTP header name to use for client redirect on blocked requests
          type: str
        redirect-no-content:
          choices:
            - disable
            - enable
          description: Enable / Disable empty message-body entity in HTTP response
          type: str
        redirect-url:
          description: HTTP header value to use for client redirect on blocked requests
          type: str
        server-fqdn:
          description: URL extraction server FQDN
          type: str
        status:
          choices:
            - disable
            - enable
          description: Enable URL Extraction
          type: str
      type: dict
    web:
      description: no description
      required: false
      suboptions:
        allowlist:
          choices:
            - exempt-av
            - exempt-webcontent
            - exempt-activex-java-cookie
            - exempt-dlp
            - exempt-rangeblock
            - extended-log-others
          description: FortiGuard allowlist settings.
          elements: str
          type: list
        blacklist:
          choices:
            - disable
            - enable
          description: Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist.
          type: str
        blocklist:
          choices:
            - disable
            - enable
          description: Enable/disable automatic addition of URLs detected by FortiSandbox to blocklist.
          type: str
        bword-table:
          description: Banned word table ID.
          type: str
        bword-threshold:
          description: Banned word score threshold.
          type: int
        content-header-list:
          description: Content header list.
          type: str
        keyword-match:
          description: Search keywords to log when match is found.
          type: str
        log-search:
          choices:
            - disable
            - enable
          description: Enable/disable logging all search phrases.
          type: str
        safe-search:
          choices:
            - google
            - yahoo
            - bing
            - url
            - header
          description: Safe search type.
          elements: str
          type: list
        urlfilter-table:
          description: URL filter table ID.
          type: str
        vimeo-restrict:
          description: Set Vimeo-restrict
          type: str
        whitelist:
          choices:
            - exempt-av
            - exempt-webcontent
            - exempt-activex-java-cookie
            - exempt-dlp
            - exempt-rangeblock
            - extended-log-others
          description: FortiGuard whitelist settings.
          elements: str
          type: list
        youtube-restrict:
          choices:
            - strict
            - none
            - moderate
          description: YouTube EDU filter level.
          type: str
      type: dict
    web-antiphishing-log:
      choices:
        - disable
        - enable
      description: Enable/disable logging of AntiPhishing checks.
      type: str
    web-content-log:
      choices:
        - disable
        - enable
      description: Enable/disable logging blocked web content.
      type: str
    web-extended-all-action-log:
      choices:
        - disable
        - enable
      description: Enable/disable extended any filter action logging for web filtering.
      type: str
    web-filter-activex-log:
      choices:
        - disable
        - enable
      description: Enable/disable logging ActiveX.
      type: str
    web-filter-applet-log:
      choices:
        - disable
        - enable
      description: Enable/disable logging Java applets.
      type: str
    web-filter-command-block-log:
      choices:
        - disable
        - enable
      description: Enable/disable logging blocked commands.
      type: str
    web-filter-cookie-log:
      choices:
        - disable
        - enable
      description: Enable/disable logging cookie filtering.
      type: str
    web-filter-cookie-removal-log:
      choices:
        - disable
        - enable
      description: Enable/disable logging blocked cookies.
      type: str
    web-filter-js-log:
      choices:
        - disable
        - enable
      description: Enable/disable logging Java scripts.
      type: str
    web-filter-jscript-log:
      choices:
        - disable
        - enable
      description: Enable/disable logging JScripts.
      type: str
    web-filter-referer-log:
      choices:
        - disable
        - enable
      description: Enable/disable logging referrers.
      type: str
    web-filter-unknown-log:
      choices:
        - disable
        - enable
      description: Enable/disable logging unknown scripts.
      type: str
    web-filter-vbs-log:
      choices:
        - disable
        - enable
      description: Enable/disable logging VBS scripts.
      type: str
    web-ftgd-err-log:
      choices:
        - disable
        - enable
      description: Enable/disable logging rating errors.
      type: str
    web-ftgd-quota-usage:
      choices:
        - disable
        - enable
      description: Enable/disable logging daily quota usage.
      type: str
    web-invalid-domain-log:
      choices:
        - disable
        - enable
      description: Enable/disable logging invalid domain names.
      type: str
    web-url-log:
      choices:
        - disable
        - enable
      description: Enable/disable logging URL filtering.
      type: str
    wisp:
      choices:
        - disable
        - enable
      description: Enable/disable web proxy WISP.
      type: str
    wisp-algorithm:
      choices:
        - auto-learning
        - primary-secondary
        - round-robin
      description: WISP server selection algorithm.
      type: str
    wisp-servers:
      description: WISP servers.
      type: str
    youtube-channel-filter:
      description: Youtube-Channel-Filter.
      elements: dict
      suboptions:
        channel-id:
          description: YouTube channel ID to be filtered.
          type: str
        comment:
          description: Comment.
          type: str
        id:
          description: ID.
          type: int
      type: list
    youtube-channel-status:
      choices:
        - disable
        - blacklist
        - whitelist
      description: YouTube channel filter status.
      type: str
  type: dict
workspace_locking_adom:
  description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.
  required: false
  type: str
forticloud_access_token:
  description: Authenticate Ansible client with forticloud API access token.
  required: false
  type: str
workspace_locking_timeout:
  default: 300
  description: The maximum time in seconds to wait for other user to release the workspace lock.
  required: false
  type: int

meta:
  contains:
    request_url:
      description: The full url requested.
      returned: always
      sample: /sys/login/user
      type: str
    response_code:
      description: The status of api request.
      returned: always
      sample: 0
      type: int
    response_data:
      description: The api response.
      returned: always
      type: list
    response_message:
      description: The descriptive message of the api response.
      returned: always
      sample: OK.
      type: str
    system_information:
      description: The information of the target system.
      returned: always
      type: dict
  description: The result of the request.
  returned: always
  type: dict
rc:
  description: The status of the request.
  returned: always
  sample: 0
  type: int
version_check_warning:
  description: Warning if the parameters used in the playbook are not supported by the current FortiManager version.
  returned: complex
  type: list