fmgr_waf_profile: Web application firewall configuration.
Module fortinet.fortimanager.fmgr_waf_profile (2.4.0). Added in version 1.0.0 of fortinet.fortimanager.
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with:
ansible-galaxy collection install fortinet.fortimanager:==2.4.0

collections:
  - name: fortinet.fortimanager
    version: 2.4.0

This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # false turns off TLS certificate verification for the FortiManager API connection
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Web application firewall configuration.
      fortinet.fortimanager.fmgr_waf_profile:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: present # <value in [present, absent]>
        waf_profile:
          comment: <string>
          extended_log: <value in [disable, enable]>
          external: <value in [disable, enable]>
          name: <string>
          url_access:
            - access_pattern:
                - id: <integer>
                  negate: <value in [disable, enable]>
                  pattern: <string>
                  regex: <value in [disable, enable]>
                  srcaddr: <string>
              action: <value in [bypass, permit, block]>
              address: <string>
              id: <integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
          address_list:
            blocked_address: <list or string>
            blocked_log: <value in [disable, enable]>
            severity: <value in [low, medium, high]>
            status: <value in [disable, enable]>
            trusted_address: <list or string>
          constraint:
            content_length:
              action: <value in [allow, block]>
              length: <integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            exception:
              - address: <string>
                content_length: <value in [disable, enable]>
                header_length: <value in [disable, enable]>
                hostname: <value in [disable, enable]>
                id: <integer>
                line_length: <value in [disable, enable]>
                malformed: <value in [disable, enable]>
                max_cookie: <value in [disable, enable]>
                max_header_line: <value in [disable, enable]>
                max_range_segment: <value in [disable, enable]>
                max_url_param: <value in [disable, enable]>
                method: <value in [disable, enable]>
                param_length: <value in [disable, enable]>
                pattern: <string>
                regex: <value in [disable, enable]>
                url_param_length: <value in [disable, enable]>
                version: <value in [disable, enable]>
            header_length:
              action: <value in [allow, block]>
              length: <integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            hostname:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            line_length:
              action: <value in [allow, block]>
              length: <integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            malformed:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            max_cookie:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              max_cookie: <integer>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            max_header_line:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              max_header_line: <integer>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            max_range_segment:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              max_range_segment: <integer>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            max_url_param:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              max_url_param: <integer>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            method:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            param_length:
              action: <value in [allow, block]>
              length: <integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            url_param_length:
              action: <value in [allow, block]>
              length: <integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
            version:
              action: <value in [allow, block]>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>
          method:
            default_allowed_methods:
              - delete
              - get
              - head
              - options
              - post
              - put
              - trace
              - others
              - connect
            log: <value in [disable, enable]>
            method_policy:
              - address: <string>
                allowed_methods:
                  - delete
                  - get
                  - head
                  - options
                  - post
                  - put
                  - trace
                  - others
                  - connect
                id: <integer>
                pattern: <string>
                regex: <value in [disable, enable]>
            severity: <value in [low, medium, high]>
            status: <value in [disable, enable]>
          signature:
            credit_card_detection_threshold: <integer>
            custom_signature:
              - action: <value in [allow, block, erase]>
                case_sensitivity: <value in [disable, enable]>
                direction: <value in [request, response]>
                log: <value in [disable, enable]>
                name: <string>
                pattern: <string>
                severity: <value in [low, medium, high]>
                status: <value in [disable, enable]>
                target:
                  - arg
                  - arg-name
                  - req-body
                  - req-cookie
                  - req-cookie-name
                  - req-filename
                  - req-header
                  - req-header-name
                  - req-raw-uri
                  - req-uri
                  - resp-body
                  - resp-hdr
                  - resp-status
            disabled_signature: <list or string>
            disabled_sub_class: <list or string>
            main_class:
              action: <value in [allow, block, erase]>
              id: <integer>
              log: <value in [disable, enable]>
              severity: <value in [low, medium, high]>
              status: <value in [disable, enable]>

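A concrete profile built only from options documented on this page, as an added example that is not part of the collection's own documentation: it uses the underscore option names rather than the deprecated hyphenated ones, keeps certificate validation on, and blocks and logs requests that violate the enabled constraints. The profile name, the ADOM and the numeric limits are constructed values, and credentials are assumed to come from inventory or vault.

```yaml
# Added example: constructed values, not taken from the collection's documentation.
- name: Baseline WAF profile that blocks and logs protocol violations
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true  # needs a certificate the control node trusts
    ansible_httpapi_port: 443
  tasks:
    - name: Create or update the profile in the root ADOM
      fortinet.fortimanager.fmgr_waf_profile:
        adom: root
        state: present
        waf_profile:
          name: web-baseline  # hypothetical profile name
          comment: Method allow-list plus request size limits
          extended_log: enable
          method:
            status: enable
            log: enable
            severity: medium
            default_allowed_methods:  # anything not listed is outside the allow-list
              - get
              - head
              - post
          constraint:
            malformed:
              status: enable
              action: block
              log: enable
              severity: high
            header_length:
              status: enable
              action: block
              length: 8192  # bytes, constructed limit
              log: enable
              severity: medium
            max_url_param:
              status: enable
              action: block
              max_url_param: 32  # constructed limit
              log: enable
              severity: medium
            max_range_segment:
              status: enable
              action: block
              max_range_segment: 5  # constructed limit
              log: enable
              severity: medium
      register: waf_result

    - name: Confirm FortiManager reported success
      ansible.builtin.assert:
        that:
          - waf_result.rc == 0
          - waf_result.meta.response_code == 0
```

The final task checks the documented return values `rc` and `meta.response_code`, so a rejected profile stops the play instead of passing silently.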

adom:
  description: The parameter (adom) in requested url.
  required: true
  type: str
state:
  choices: [present, absent]
  description: The directive to create, update or delete an object.
  required: true
  type: str
rc_failed:
  description: The rc codes list with which the conditions to fail will be overridden.
  elements: int
  type: list
enable_log:
  default: false
  description: Enable/Disable logging for task.
  type: bool
waf_profile:
  description: The top level parameters set.
  required: false
  suboptions:
    address-list:
      description: Deprecated, please rename it to address_list.
      suboptions:
        blocked-address:
          description: (list or str) Deprecated, please rename it to blocked_address. Blocked address.
          type: raw
        blocked-log:
          choices: [disable, enable]
          description: Deprecated, please rename it to blocked_log. Enable/disable logging on blocked addresses.
          type: str
        severity:
          choices: [low, medium, high]
          description: Severity.
          type: str
        status:
          choices: [disable, enable]
          description: Status.
          type: str
        trusted-address:
          description: (list or str) Deprecated, please rename it to trusted_address. Trusted address.
          type: raw
      type: dict
    comment:
      description: Comment.
      type: str
    constraint:
      description: No description.
      suboptions:
        content-length:
          description: Deprecated, please rename it to content_length.
          suboptions:
            action:
              choices: [allow, block]
              description: Action.
              type: str
            length:
              description: Length of HTTP content in bytes
              type: int
            log:
              choices: [disable, enable]
              description: Enable/disable logging.
              type: str
            severity:
              choices: [low, medium, high]
              description: Severity.
              type: str
            status:
              choices: [disable, enable]
              description: Enable/disable the constraint.
              type: str
          type: dict
        exception:
          description: Exception.
          elements: dict
          suboptions:
            address:
              description: Host address.
              type: str
            content-length:
              choices: [disable, enable]
              description: Deprecated, please rename it to content_length. HTTP content length in request.
              type: str
            header-length:
              choices: [disable, enable]
              description: Deprecated, please rename it to header_length. HTTP header length in request.
              type: str
            hostname:
              choices: [disable, enable]
              description: Enable/disable hostname check.
              type: str
            id:
              description: Exception ID.
              type: int
            line-length:
              choices: [disable, enable]
              description: Deprecated, please rename it to line_length. HTTP line length in request.
              type: str
            malformed:
              choices: [disable, enable]
              description: Enable/disable malformed HTTP request check.
              type: str
            max-cookie:
              choices: [disable, enable]
              description: Deprecated, please rename it to max_cookie. Maximum number of cookies in HTTP request.
              type: str
            max-header-line:
              choices: [disable, enable]
              description: Deprecated, please rename it to max_header_line. Maximum number of HTTP header line.
              type: str
            max-range-segment:
              choices: [disable, enable]
              description: Deprecated, please rename it to max_range_segment. Maximum number of range segments in HTTP range line.
              type: str
            max-url-param:
              choices: [disable, enable]
              description: Deprecated, please rename it to max_url_param. Maximum number of parameters in URL.
              type: str
            method:
              choices: [disable, enable]
              description: Enable/disable HTTP method check.
              type: str
            param-length:
              choices: [disable, enable]
              description: Deprecated, please rename it to param_length. Maximum length of parameter in URL, HTTP POST request or HTT...
              type: str
            pattern:
              description: URL pattern.
              type: str
            regex:
              choices: [disable, enable]
              description: Enable/disable regular expression based pattern match.
              type: str
            url-param-length:
              choices: [disable, enable]
              description: Deprecated, please rename it to url_param_length. Maximum length of parameter in URL.
              type: str
            version:
              choices: [disable, enable]
              description: Enable/disable HTTP version check.
              type: str
          type: list
        header-length:
          description: Deprecated, please rename it to header_length.
          suboptions:
            action:
              choices: [allow, block]
              description: Action.
              type: str
            length:
              description: Length of HTTP header in bytes
              type: int
            log:
              choices: [disable, enable]
              description: Enable/disable logging.
              type: str
            severity:
              choices: [low, medium, high]
              description: Severity.
              type: str
            status:
              choices: [disable, enable]
              description: Enable/disable the constraint.
              type: str
          type: dict
        hostname:
          description: No description.
          suboptions:
            action:
              choices: [allow, block]
              description: Action.
              type: str
            log:
              choices: [disable, enable]
              description: Enable/disable logging.
              type: str
            severity:
              choices: [low, medium, high]
              description: Severity.
              type: str
            status:
              choices: [disable, enable]
              description: Enable/disable the constraint.
              type: str
          type: dict
        line-length:
          description: Deprecated, please rename it to line_length.
          suboptions:
            action:
              choices: [allow, block]
              description: Action.
              type: str
            length:
              description: Length of HTTP line in bytes
              type: int
            log:
              choices: [disable, enable]
              description: Enable/disable logging.
              type: str
            severity:
              choices: [low, medium, high]
              description: Severity.
              type: str
            status:
              choices: [disable, enable]
              description: Enable/disable the constraint.
              type: str
          type: dict
        malformed:
          description: No description.
          suboptions:
            action:
              choices: [allow, block]
              description: Action.
              type: str
            log:
              choices: [disable, enable]
              description: Enable/disable logging.
              type: str
            severity:
              choices: [low, medium, high]
              description: Severity.
              type: str
            status:
              choices: [disable, enable]
              description: Enable/disable the constraint.
              type: str
          type: dict
        max-cookie:
          description: Deprecated, please rename it to max_cookie.
          suboptions:
            action:
              choices: [allow, block]
              description: Action.
              type: str
            log:
              choices: [disable, enable]
              description: Enable/disable logging.
              type: str
            max-cookie:
              description: Deprecated, please rename it to max_cookie. Maximum number of cookies in HTTP request
              type: int
            severity:
              choices: [low, medium, high]
              description: Severity.
              type: str
            status:
              choices: [disable, enable]
              description: Enable/disable the constraint.
              type: str
          type: dict
        max-header-line:
          description: Deprecated, please rename it to max_header_line.
          suboptions:
            action:
              choices: [allow, block]
              description: Action.
              type: str
            log:
              choices: [disable, enable]
              description: Enable/disable logging.
              type: str
            max-header-line:
              description: Deprecated, please rename it to max_header_line. Maximum number HTTP header lines
              type: int
            severity:
              choices: [low, medium, high]
              description: Severity.
              type: str
            status:
              choices: [disable, enable]
              description: Enable/disable the constraint.
              type: str
          type: dict
        max-range-segment:
          description: Deprecated, please rename it to max_range_segment.
          suboptions:
            action:
              choices: [allow, block]
              description: Action.
              type: str
            log:
              choices: [disable, enable]
              description: Enable/disable logging.
              type: str
            max-range-segment:
              description: Deprecated, please rename it to max_range_segment. Maximum number of range segments in HTTP range line
              type: int
            severity:
              choices: [low, medium, high]
              description: Severity.
              type: str
            status:
              choices: [disable, enable]
              description: Enable/disable the constraint.
              type: str
          type: dict
        max-url-param:
          description: Deprecated, please rename it to max_url_param.
          suboptions:
            action:
              choices: [allow, block]
              description: Action.
              type: str
            log:
              choices: [disable, enable]
              description: Enable/disable logging.
              type: str
            max-url-param:
              description: Deprecated, please rename it to max_url_param. Maximum number of parameters in URL
              type: int
            severity:
              choices: [low, medium, high]
              description: Severity.
              type: str
            status:
              choices: [disable, enable]
              description: Enable/disable the constraint.
              type: str
          type: dict
        method:
          description: No description.
          suboptions:
            action:
              choices: [allow, block]
              description: Action.
              type: str
            log:
              choices: [disable, enable]
              description: Enable/disable logging.
              type: str
            severity:
              choices: [low, medium, high]
              description: Severity.
              type: str
            status:
              choices: [disable, enable]
              description: Enable/disable the constraint.
              type: str
          type: dict
        param-length:
          description: Deprecated, please rename it to param_length.
          suboptions:
            action:
              choices: [allow, block]
              description: Action.
              type: str
            length:
              description: Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes
              type: int
            log:
              choices: [disable, enable]
              description: Enable/disable logging.
              type: str
            severity:
              choices: [low, medium, high]
              description: Severity.
              type: str
            status:
              choices: [disable, enable]
              description: Enable/disable the constraint.
              type: str
          type: dict
        url-param-length:
          description: Deprecated, please rename it to url_param_length.
          suboptions:
            action:
              choices: [allow, block]
              description: Action.
              type: str
            length:
              description: Maximum length of URL parameter in bytes
              type: int
            log:
              choices: [disable, enable]
              description: Enable/disable logging.
              type: str
            severity:
              choices: [low, medium, high]
              description: Severity.
              type: str
            status:
              choices: [disable, enable]
              description: Enable/disable the constraint.
              type: str
          type: dict
        version:
          description: No description.
          suboptions:
            action:
              choices: [allow, block]
              description: Action.
              type: str
            log:
              choices: [disable, enable]
              description: Enable/disable logging.
              type: str
            severity:
              choices: [low, medium, high]
              description: Severity.
              type: str
            status:
              choices: [disable, enable]
              description: Enable/disable the constraint.
              type: str
          type: dict
      type: dict
    extended-log:
      choices: [disable, enable]
      description: Deprecated, please rename it to extended_log. Enable/disable extended logging.
      type: str
    external:
      choices: [disable, enable]
      description: Disable/Enable external HTTP Inspection.
      type: str
    method:
      description: No description.
      suboptions:
        default-allowed-methods:
          choices: [delete, get, head, options, post, put, trace, others, connect]
          description: Deprecated, please rename it to default_allowed_methods. Methods.
          elements: str
          type: list
        log:
          choices: [disable, enable]
          description: Enable/disable logging.
          type: str
        method-policy:
          description: Deprecated, please rename it to method_policy. Method-Policy.
          elements: dict
          suboptions:
            address:
              description: Host address.
              type: str
            allowed-methods:
              choices: [delete, get, head, options, post, put, trace, others, connect]
              description: Deprecated, please rename it to allowed_methods. Allowed Methods.
              elements: str
              type: list
            id:
              description: HTTP method policy ID.
              type: int
            pattern:
              description: URL pattern.
              type: str
            regex:
              choices: [disable, enable]
              description: Enable/disable regular expression based pattern match.
              type: str
          type: list
        severity:
          choices: [low, medium, high]
          description: Severity.
          type: str
        status:
          choices: [disable, enable]
          description: Status.
          type: str
      type: dict
    name:
      description: WAF Profile name.
      required: true
      type: str
    signature:
      description: No description.
      suboptions:
        credit-card-detection-threshold:
          description: Deprecated, please rename it to credit_card_detection_threshold. The minimum number of Credit cards to detect viol...
          type: int
        custom-signature:
          description: Deprecated, please rename it to custom_signature. Custom-Signature.
          elements: dict
          suboptions:
            action:
              choices: [allow, block, erase]
              description: Action.
              type: str
            case-sensitivity:
              choices: [disable, enable]
              description: Deprecated, please rename it to case_sensitivity. Case sensitivity in pattern.
              type: str
            direction:
              choices: [request, response]
              description: Traffic direction.
              type: str
            log:
              choices: [disable, enable]
              description: Enable/disable logging.
              type: str
            name:
              description: Signature name.
              type: str
            pattern:
              description: Match pattern.
              type: str
            severity:
              choices: [low, medium, high]
              description: Severity.
              type: str
            status:
              choices: [disable, enable]
              description: Status.
              type: str
            target:
              choices: [arg, arg-name, req-body, req-cookie, req-cookie-name, req-filename, req-header, req-header-name, req-raw-uri, req-uri, resp-body, resp-hdr, resp-status]
              description: Match HTTP target.
              elements: str
              type: list
          type: list
        disabled-signature:
          description: (list or str) Deprecated, please rename it to disabled_signature. Disabled signatures
          type: raw
        disabled-sub-class:
          description: (list or str) Deprecated, please rename it to disabled_sub_class. Disabled signature subclasses.
          type: raw
        main-class:
          description: Deprecated, please rename it to main_class.
          suboptions:
            action:
              choices: [allow, block, erase]
              description: Action.
              type: str
            id:
              description: Main signature class ID.
              type: int
            log:
              choices: [disable, enable]
              description: Enable/disable logging.
              type: str
            severity:
              choices: [low, medium, high]
              description: Severity.
              type: str
            status:
              choices: [disable, enable]
              description: Status.
              type: str
          type: dict
      type: dict
    url-access:
      description: Deprecated, please rename it to url_access. Url-Access.
      elements: dict
      suboptions:
        access-pattern:
          description: Deprecated, please rename it to access_pattern. Access-Pattern.
          elements: dict
          suboptions:
            id:
              description: URL access pattern ID.
              type: int
            negate:
              choices: [disable, enable]
              description: Enable/disable match negation.
              type: str
            pattern:
              description: URL pattern.
              type: str
            regex:
              choices: [disable, enable]
              description: Enable/disable regular expression based pattern match.
              type: str
            srcaddr:
              description: Source address.
              type: str
          type: list
        action:
          choices: [bypass, permit, block]
          description: Action.
          type: str
        address:
          description: Host address.
          type: str
        id:
          description: URL access ID.
          type: int
        log:
          choices: [disable, enable]
          description: Enable/disable logging.
          type: str
        severity:
          choices: [low, medium, high]
          description: Severity.
          type: str
      type: list
  type: dict
access_token:
  description: The token to access FortiManager without using username and password.
  type: str
rc_succeeded:
  description: The rc codes list with which the conditions to succeed will be overridden.
  elements: int
  type: list
proposed_method:
  choices: [update, set, add]
  description: The overridden method for the underlying Json RPC request.
  type: str
bypass_validation:
  default: false
  description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters.
  type: bool
workspace_locking_adom:
  description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.
  type: str
forticloud_access_token:
  description: Authenticate Ansible client with forticloud API access token.
  type: str
workspace_locking_timeout:
  default: 300
  description: The maximum time in seconds to wait for other user to release the workspace lock.
  type: int


meta:
  contains:
    request_url:
      description: The full url requested.
      returned: always
      sample: /sys/login/user
      type: str
    response_code:
      description: The status of api request.
      returned: always
      sample: 0
      type: int
    response_data:
      description: The api response.
      returned: always
      type: list
    response_message:
      description: The descriptive message of the api response.
      returned: always
      sample: OK.
      type: str
    system_information:
      description: The information of the target system.
      returned: always
      type: dict
  description: The result of the request.
  returned: always
  type: dict
rc:
  description: The status of the request.
  returned: always
  sample: 0
  type: int
version_check_warning:
  description: Warning if the parameters used in the playbook are not supported by the current FortiManager version.
  returned: complex
  type: list