Try SpotterConfigure HTTP protocol options.
| "added in version" 2.0.0 of fortinet.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0
collections:
- name: fortinet.fortimanager
version: 2.4.0This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure HTTP protocol options.
fortinet.fortimanager.fmgr_firewall_profileprotocoloptions_http:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
profile_protocol_options: <your own value>
firewall_profileprotocoloptions_http:
block_page_status_code: <integer>
comfort_amount: <integer>
comfort_interval: <integer>
fortinet_bar: <value in [disable, enable]>
fortinet_bar_port: <integer>
http_policy: <value in [disable, enable]>
inspect_all: <value in [disable, enable]>
options:
- oversize
- chunkedbypass
- clientcomfort
- no-content-summary
- servercomfort
oversize_limit: <integer>
ports: <list or integer>
post_lang:
- jisx0201
- jisx0208
- jisx0212
- gb2312
- ksc5601-ex
- euc-jp
- sjis
- iso2022-jp
- iso2022-jp-1
- iso2022-jp-2
- euc-cn
- ces-gbk
- hz
- ces-big5
- euc-kr
- iso2022-jp-3
- iso8859-1
- tis620
- cp874
- cp1252
- cp1251
range_block: <value in [disable, enable]>
retry_count: <integer>
scan_bzip2: <value in [disable, enable]>
status: <value in [disable, enable]>
streaming_content_bypass: <value in [disable, enable]>
strip_x_forwarded_for: <value in [disable, enable]>
switching_protocols: <value in [bypass, block]>
uncompressed_nest_limit: <integer>
uncompressed_oversize_limit: <integer>
tcp_window_maximum: <integer>
tcp_window_minimum: <integer>
tcp_window_size: <integer>
tcp_window_type: <value in [system, static, dynamic, ...]>
ssl_offloaded: <value in [no, yes]>
stream_based_uncompressed_limit: <integer>
proxy_after_tcp_handshake: <value in [disable, enable]>
tunnel_non_http: <value in [disable, enable]>
unknown_http_version: <value in [best-effort, reject, tunnel]>
address_ip_rating: <value in [disable, enable]>
h2c: <value in [disable, enable]>
verify_dns_for_policy_matching: <value in [disable, enable]>
unknown_content_encoding: <value in [block, inspect, bypass]>
adom:
description: The parameter (adom) in requested url.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
type: bool
access_token:
description: The token to access FortiManager without using username and password.
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
type: bool
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
type: str
profile-protocol-options:
description: Deprecated, please use "profile_protocol_options"
type: str
profile_protocol_options:
description: The parameter (profile-protocol-options) in requested url.
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
type: int
firewall_profileprotocoloptions_http:
description: The top level parameters set.
required: false
suboptions:
address-ip-rating:
choices:
- disable
- enable
description: Deprecated, please rename it to address_ip_rating. Enable/disable
IP based URL rating.
type: str
block-page-status-code:
description: Deprecated, please rename it to block_page_status_code. Code number
returned for blocked HTTP pages
type: int
comfort-amount:
description: Deprecated, please rename it to comfort_amount. Amount of data to
send in a transmission for client comforting
type: int
comfort-interval:
description: Deprecated, please rename it to comfort_interval. Period of time
between start, or last transmission, and the next client ...
type: int
fortinet-bar:
choices:
- disable
- enable
description: Deprecated, please rename it to fortinet_bar. Enable/disable Fortinet
bar on HTML content.
type: str
fortinet-bar-port:
description: Deprecated, please rename it to fortinet_bar_port. Port for use by
Fortinet Bar
type: int
h2c:
choices:
- disable
- enable
description: Enable/disable h2c HTTP connection upgrade.
type: str
http-policy:
choices:
- disable
- enable
description: Deprecated, please rename it to http_policy. Enable/disable HTTP
policy check.
type: str
inspect-all:
choices:
- disable
- enable
description: Deprecated, please rename it to inspect_all. Enable/disable the inspection
of all ports for the protocol.
type: str
options:
choices:
- oversize
- chunkedbypass
- clientcomfort
- no-content-summary
- servercomfort
description: No description.
elements: str
type: list
oversize-limit:
description: Deprecated, please rename it to oversize_limit. Maximum in-memory
file size that can be scanned
type: int
ports:
description: (list) No description.
type: raw
post-lang:
choices:
- jisx0201
- jisx0208
- jisx0212
- gb2312
- ksc5601-ex
- euc-jp
- sjis
- iso2022-jp
- iso2022-jp-1
- iso2022-jp-2
- euc-cn
- ces-gbk
- hz
- ces-big5
- euc-kr
- iso2022-jp-3
- iso8859-1
- tis620
- cp874
- cp1252
- cp1251
description: Deprecated, please rename it to post_lang.
elements: str
type: list
proxy-after-tcp-handshake:
choices:
- disable
- enable
description: Deprecated, please rename it to proxy_after_tcp_handshake. Proxy
traffic after the TCP 3-way handshake has been established
type: str
range-block:
choices:
- disable
- enable
description: Deprecated, please rename it to range_block. Enable/disable blocking
of partial downloads.
type: str
retry-count:
description: Deprecated, please rename it to retry_count. Number of attempts to
retry HTTP connection
type: int
scan-bzip2:
choices:
- disable
- enable
description: Deprecated, please rename it to scan_bzip2. Enable/disable scanning
of BZip2 compressed files.
type: str
ssl-offloaded:
choices:
- 'no'
- 'yes'
description: Deprecated, please rename it to ssl_offloaded. SSL decryption and
encryption performed by an external device.
type: str
status:
choices:
- disable
- enable
description: Enable/disable the active status of scanning for this protocol.
type: str
stream-based-uncompressed-limit:
description: Deprecated, please rename it to stream_based_uncompressed_limit.
Maximum stream-based uncompressed data size that will be ...
type: int
streaming-content-bypass:
choices:
- disable
- enable
description: Deprecated, please rename it to streaming_content_bypass. Enable/disable
bypassing of streaming content from buffering.
type: str
strip-x-forwarded-for:
choices:
- disable
- enable
description: Deprecated, please rename it to strip_x_forwarded_for. Enable/disable
stripping of HTTP X-Forwarded-For header.
type: str
switching-protocols:
choices:
- bypass
- block
description: Deprecated, please rename it to switching_protocols. Bypass from
scanning, or block a connection that attempts to switch p...
type: str
tcp-window-maximum:
description: Deprecated, please rename it to tcp_window_maximum. Maximum dynamic
TCP window size
type: int
tcp-window-minimum:
description: Deprecated, please rename it to tcp_window_minimum. Minimum dynamic
TCP window size
type: int
tcp-window-size:
description: Deprecated, please rename it to tcp_window_size. Set TCP static window
size
type: int
tcp-window-type:
choices:
- system
- static
- dynamic
- auto-tuning
description: Deprecated, please rename it to tcp_window_type. Specify type of
TCP window to use for this protocol.
type: str
tunnel-non-http:
choices:
- disable
- enable
description: Deprecated, please rename it to tunnel_non_http. Configure how to
process non-HTTP traffic when a profile configured for H...
type: str
uncompressed-nest-limit:
description: Deprecated, please rename it to uncompressed_nest_limit. Maximum
nested levels of compression that can be uncompressed and...
type: int
uncompressed-oversize-limit:
description: Deprecated, please rename it to uncompressed_oversize_limit. Maximum
in-memory uncompressed file size that can be scanned
type: int
unknown-content-encoding:
choices:
- block
- inspect
- bypass
description: Deprecated, please rename it to unknown_content_encoding. Configure
the action the FortiGate unit will take on unknown con...
type: str
unknown-http-version:
choices:
- best-effort
- reject
- tunnel
description: Deprecated, please rename it to unknown_http_version. How to handle
HTTP sessions that do not comply with HTTP 0.
type: str
verify-dns-for-policy-matching:
choices:
- disable
- enable
description: Deprecated, please rename it to verify_dns_for_policy_matching. Enable/disable
verification of DNS for policy matching.
type: str
type: dict
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list