fortinet.fortios.fortios_webfilter_profile (2.3.6) — module
Configure Web filter profiles in Fortinet's FortiOS and FortiGate.
Added in version 2.0.0 of fortinet.fortios
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections:
  - name: fortinet.fortios
    version: 2.3.6
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the webfilter feature and profile category. The examples include all parameters, and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0.
- name: Configure Web filter profiles.
  fortinet.fortios.fortios_webfilter_profile:
    vdom: "{{ vdom }}"
    state: "present"
    access_token: "<your_own_value>"
    webfilter_profile:
      antiphish:
        authentication: "domain-controller"
        check_basic_auth: "enable"
        check_uri: "enable"
        check_username_only: "enable"
        custom_patterns:
          - category: "username"
            pattern: "<your_own_value>"
            type: "regex"
        default_action: "exempt"
        domain_controller: "<your_own_value> (source user.domain-controller.name credential-store.domain-controller.server-name)"
        inspection_entries:
          - action: "exempt"
            fortiguard_category: "<your_own_value>"
            name: "default_name_17"
        ldap: "<your_own_value> (source user.ldap.name)"
        max_body_len: "65536"
        status: "enable"
      comment: "Optional comments."
      extended_log: "enable"
      feature_set: "flow"
      file_filter:
        entries:
          - action: "log"
            comment: "Comment."
            direction: "incoming"
            file_type:
              - name: "default_name_30 (source antivirus.filetype.name)"
            filter: "<your_own_value>"
            password_protected: "yes"
            protocol: "http"
        log: "enable"
        scan_archive_contents: "enable"
        status: "enable"
      ftgd_wf:
        exempt_quota: "<your_own_value>"
        filters:
          - action: "block"
            auth_usr_grp:
              - name: "default_name_42 (source user.group.name)"
            category: "0"
            id: "44"
            log: "enable"
            override_replacemsg: "<your_own_value>"
            warn_duration: "<your_own_value>"
            warning_duration_type: "session"
            warning_prompt: "per-domain"
        max_quota_timeout: "300"
        options: "error-allow"
        ovrd: "<your_own_value>"
        quota:
          - category: "<your_own_value>"
            duration: "<your_own_value>"
            id: "56"
            override_replacemsg: "<your_own_value>"
            type: "time"
            unit: "B"
            value: "1024"
        rate_crl_urls: "disable"
        rate_css_urls: "disable"
        rate_image_urls: "disable"
        rate_javascript_urls: "disable"
      https_replacemsg: "enable"
      inspection_mode: "proxy"
      log_all_url: "enable"
      name: "default_name_68"
      options: "activexfilter"
      override:
        ovrd_cookie: "allow"
        ovrd_dur: "<your_own_value>"
        ovrd_dur_mode: "constant"
        ovrd_scope: "user"
        ovrd_user_group:
          - name: "default_name_76 (source user.group.name)"
        profile:
          - name: "default_name_78 (source webfilter.profile.name)"
        profile_attribute: "User-Name"
        profile_type: "list"
      ovrd_perm: "bannedword-override"
      post_action: "normal"
      replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
      url_extraction:
        redirect_header: "<your_own_value>"
        redirect_no_content: "enable"
        redirect_url: "<your_own_value>"
        server_fqdn: "<your_own_value>"
        status: "enable"
      web:
        allowlist: "exempt-av"
        blacklist: "enable"
        blocklist: "enable"
        bword_table: "0"
        bword_threshold: "10"
        content_header_list: "0"
        keyword_match:
          - pattern: "<your_own_value>"
        log_search: "enable"
        safe_search: "url"
        urlfilter_table: "0"
        vimeo_restrict: "<your_own_value>"
        whitelist: "exempt-av"
        youtube_restrict: "none"
      web_antiphishing_log: "enable"
      web_content_log: "enable"
      web_extended_all_action_log: "enable"
      web_filter_activex_log: "enable"
      web_filter_applet_log: "enable"
      web_filter_command_block_log: "enable"
      web_filter_cookie_log: "enable"
      web_filter_cookie_removal_log: "enable"
      web_filter_js_log: "enable"
      web_filter_jscript_log: "enable"
      web_filter_referer_log: "enable"
      web_filter_unknown_log: "enable"
      web_filter_vbs_log: "enable"
      web_flow_log_encoding: "utf-8"
      web_ftgd_err_log: "enable"
      web_ftgd_quota_usage: "enable"
      web_invalid_domain_log: "enable"
      web_url_log: "enable"
      wisp: "enable"
      wisp_algorithm: "primary-secondary"
      wisp_servers:
        - name: "default_name_126 (source web-proxy.wisp.name)"
      youtube_channel_filter:
        - channel_id: "<your_own_value>"
          comment: "Comment."
          id: "130"
      youtube_channel_status: "disable"
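An added example, not part of the module or its documentation: a small Python audit that reads the arguments of a fortios_webfilter_profile task and reports settings that weaken filtering or log visibility before the playbook is applied. The reading of error-allow and ftgd-disable as fail-open, the REQUIRED_LOGS baseline and the helper names are assumptions.

```python
"""Audit fortios_webfilter_profile task arguments for weak settings."""

# Values of ftgd_wf.options that pass traffic when rating fails or is switched
# off. Their meaning comes from FortiOS, not this page (assumption).
FAIL_OPEN_OPTIONS = {"error-allow", "ftgd-disable"}
# Log switches treated as mandatory here (hypothetical baseline).
REQUIRED_LOGS = ("web_url_log", "web_ftgd_err_log", "web_antiphishing_log")


def as_list(value):
    """List options are often written as a single string in playbooks."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def audit_task(args):
    """Return findings for one task's module arguments (already parsed YAML)."""
    findings = []
    token = args.get("access_token")
    if isinstance(token, str) and "{{" not in token:
        findings.append("access_token is a literal; use a vaulted variable")
    profile = args.get("webfilter_profile") or {}
    name = profile.get("name", "<unnamed>")
    ftgd = profile.get("ftgd_wf") or {}
    for opt in sorted(FAIL_OPEN_OPTIONS & set(as_list(ftgd.get("options")))):
        findings.append(f"{name}: ftgd_wf.options has fail-open '{opt}'")
    for flt in as_list(ftgd.get("filters")):
        if flt.get("action") == "block" and flt.get("log") != "enable":
            findings.append(f"{name}: filter {flt.get('id')} blocks unlogged")
    antiphish = profile.get("antiphish") or {}
    if (antiphish.get("status") == "enable"
            and antiphish.get("default_action") == "exempt"):
        findings.append(f"{name}: antiphish.default_action is 'exempt'")
    if (profile.get("override") or {}).get("ovrd_cookie") == "allow":
        findings.append(f"{name}: override.ovrd_cookie is 'allow'")
    for key in REQUIRED_LOGS:
        if profile.get(key) != "enable":
            findings.append(f"{name}: {key} is not 'enable'")
    return findings


# Constructed input: a trimmed copy of the sample values shown on this page.
PAGE_SAMPLE = {
    "access_token": "<your_own_value>",
    "webfilter_profile": {
        "name": "default_name_68",
        "antiphish": {"status": "enable", "default_action": "exempt"},
        "ftgd_wf": {"options": "error-allow", "filters": [
            {"id": "44", "action": "block", "log": "enable"}]},
        "override": {"ovrd_cookie": "allow"},
        "web_url_log": "enable", "web_ftgd_err_log": "enable",
        "web_antiphishing_log": "enable",
    },
}

if __name__ == "__main__":
    for finding in audit_task(PAGE_SAMPLE):
        print(finding)
```

Feed it the dictionary under the module key of each parsed task; an empty list means none of these checks fired.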
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str state: choices: - present - absent description: - Indicates whether to create or remove the object. required: true type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str webfilter_profile: default: null description: - Configure Web filter profiles. suboptions: antiphish: description: - AntiPhishing profile. suboptions: authentication: choices: - domain-controller - ldap description: - Authentication methods. type: str check_basic_auth: choices: - enable - disable description: - Enable/disable checking of HTTP Basic Auth field for known credentials. type: str check_uri: choices: - enable - disable description: - Enable/disable checking of GET URI parameters for known credentials. type: str check_username_only: choices: - enable - disable description: - Enable/disable username only matching of credentials. Action will be taken for valid usernames regardless of password validity. type: str custom_patterns: description: - Custom username and password regex patterns. elements: dict suboptions: category: choices: - username - password description: - Category that the pattern matches. type: str pattern: description: - Target pattern. 
required: true type: str type: choices: - regex - literal description: - Pattern will be treated either as a regex pattern or literal string. type: str type: list default_action: choices: - exempt - log - block description: - Action to be taken when there is no matching rule. type: str domain_controller: description: - Domain for which to verify received credentials against. Source user.domain-controller.name credential-store.domain-controller .server-name. type: str inspection_entries: description: - AntiPhishing entries. elements: dict suboptions: action: choices: - exempt - log - block description: - Action to be taken upon an AntiPhishing match. type: str fortiguard_category: description: - FortiGuard category to match. elements: str type: list name: description: - Inspection target name. required: true type: str type: list ldap: description: - LDAP server for which to verify received credentials against. Source user.ldap.name. type: str max_body_len: description: - Maximum size of a POST body to check for credentials. type: int status: choices: - enable - disable description: - Toggle AntiPhishing functionality. type: str type: dict comment: description: - Optional comments. type: str extended_log: choices: - enable - disable description: - Enable/disable extended logging for web filtering. type: str feature_set: choices: - flow - proxy description: - Flow/proxy feature set. type: str file_filter: description: - File filter. suboptions: entries: description: - File filter entries. elements: dict suboptions: action: choices: - log - block description: - Action taken for matched file. type: str comment: description: - Comment. type: str direction: choices: - incoming - outgoing - any description: - Match files transmitted in the session"s originating or reply direction. type: str file_type: description: - Select file type. elements: dict suboptions: name: description: - File type name. Source antivirus.filetype.name. 
required: true type: str type: list filter: description: - Add a file filter. required: true type: str password_protected: choices: - 'yes' - any description: - Match password-protected files. type: str protocol: choices: - http - ftp description: - Protocols to apply with. elements: str type: list type: list log: choices: - enable - disable description: - Enable/disable file filter logging. type: str scan_archive_contents: choices: - enable - disable description: - Enable/disable file filter archive contents scan. type: str status: choices: - enable - disable description: - Enable/disable file filter. type: str type: dict ftgd_wf: description: - FortiGuard Web Filter settings. suboptions: exempt_quota: description: - Do not stop quota for these categories. elements: str type: list filters: description: - FortiGuard filters. elements: dict suboptions: action: choices: - block - authenticate - monitor - warning description: - Action to take for matches. type: str auth_usr_grp: description: - Groups with permission to authenticate. elements: dict suboptions: name: description: - User group name. Source user.group.name. required: true type: str type: list category: description: - Categories and groups the filter examines. type: int id: description: - ID number. see <a href='#notes'>Notes</a>. required: true type: int log: choices: - enable - disable description: - Enable/disable logging. type: str override_replacemsg: description: - Override replacement message. type: str warn_duration: description: - Duration of warnings. type: str warning_duration_type: choices: - session - timeout description: - Re-display warning after closing browser or after a timeout. type: str warning_prompt: choices: - per-domain - per-category description: - Warning prompts in each category or each domain. type: str type: list max_quota_timeout: description: - Maximum FortiGuard quota used by single page view in seconds (excludes streams). 
type: int options: choices: - error-allow - rate-server-ip - connect-request-bypass - ftgd-disable description: - Options for FortiGuard Web Filter. elements: str type: list ovrd: description: - Allow web filter profile overrides. elements: str type: list quota: description: - FortiGuard traffic quota settings. elements: dict suboptions: category: description: - FortiGuard categories to apply quota to (category action must be set to monitor). elements: str type: list duration: description: - Duration of quota. type: str id: description: - ID number. see <a href='#notes'>Notes</a>. required: true type: int override_replacemsg: description: - Override replacement message. type: str type: choices: - time - traffic description: - Quota type. type: str unit: choices: - B - KB - MB - GB description: - Traffic quota unit of measurement. type: str value: description: - Traffic quota value. type: int type: list rate_crl_urls: choices: - disable - enable description: - Enable/disable rating CRL by URL. type: str rate_css_urls: choices: - disable - enable description: - Enable/disable rating CSS by URL. type: str rate_image_urls: choices: - disable - enable description: - Enable/disable rating images by URL. type: str rate_javascript_urls: choices: - disable - enable description: - Enable/disable rating JavaScript by URL. type: str type: dict https_replacemsg: choices: - enable - disable description: - Enable replacement messages for HTTPS. type: str inspection_mode: choices: - proxy - flow-based description: - Web filtering inspection mode. type: str log_all_url: choices: - enable - disable description: - Enable/disable logging all URLs visited. type: str name: description: - Profile name. required: true type: str options: choices: - activexfilter - cookiefilter - javafilter - block-invalid-url - jscript - js - vbs - unknown - intrinsic - wf-referer - wf-cookie - per-user-bal - per-user-bwl description: - Options. 
elements: str type: list override: description: - Web Filter override settings. suboptions: ovrd_cookie: choices: - allow - deny description: - Allow/deny browser-based (cookie) overrides. type: str ovrd_dur: description: - Override duration. type: str ovrd_dur_mode: choices: - constant - ask description: - Override duration mode. type: str ovrd_scope: choices: - user - user-group - ip - browser - ask description: - Override scope. type: str ovrd_user_group: description: - User groups with permission to use the override. elements: dict suboptions: name: description: - User group name. Source user.group.name. required: true type: str type: list profile: description: - Web filter profile with permission to create overrides. elements: dict suboptions: name: description: - Web profile. Source webfilter.profile.name. required: true type: str type: list profile_attribute: choices: - User-Name - NAS-IP-Address - Framed-IP-Address - Framed-IP-Netmask - Filter-Id - Login-IP-Host - Reply-Message - Callback-Number - Callback-Id - Framed-Route - Framed-IPX-Network - Class - Called-Station-Id - Calling-Station-Id - NAS-Identifier - Proxy-State - Login-LAT-Service - Login-LAT-Node - Login-LAT-Group - Framed-AppleTalk-Zone - Acct-Session-Id - Acct-Multi-Session-Id description: - Profile attribute to retrieve from the RADIUS server. type: str profile_type: choices: - list - radius description: - Override profile type. type: str type: dict ovrd_perm: choices: - bannedword-override - urlfilter-override - fortiguard-wf-override - contenttype-check-override description: - Permitted override types. elements: str type: list post_action: choices: - normal - block description: - Action taken for HTTP POST traffic. type: str replacemsg_group: description: - Replacement message group. Source system.replacemsg-group.name. 
type: str url_extraction: description: - Configure URL Extraction suboptions: redirect_header: description: - HTTP header name to use for client redirect on blocked requests type: str redirect_no_content: choices: - enable - disable description: - Enable / Disable empty message-body entity in HTTP response type: str redirect_url: description: - HTTP header value to use for client redirect on blocked requests type: str server_fqdn: description: - URL extraction server FQDN (fully qualified domain name) type: str status: choices: - enable - disable description: - Enable URL Extraction type: str type: dict web: description: - Web content filtering settings. suboptions: allowlist: choices: - exempt-av - exempt-webcontent - exempt-activex-java-cookie - exempt-dlp - exempt-rangeblock - extended-log-others description: - FortiGuard allowlist settings. elements: str type: list blacklist: choices: - enable - disable description: - Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist. type: str blocklist: choices: - enable - disable description: - Enable/disable automatic addition of URLs detected by FortiSandbox to blocklist. type: str bword_table: description: - Banned word table ID. Source webfilter.content.id. type: int bword_threshold: description: - Banned word score threshold. type: int content_header_list: description: - Content header list. Source webfilter.content-header.id. type: int keyword_match: description: - Search keywords to log when match is found. elements: dict suboptions: pattern: description: - Pattern/keyword to search for. required: true type: str type: list log_search: choices: - enable - disable description: - Enable/disable logging all search phrases. type: str safe_search: choices: - url - header description: - Safe search type. elements: str type: list urlfilter_table: description: - URL filter table ID. Source webfilter.urlfilter.id. 
type: int vimeo_restrict: description: - Set Vimeo-restrict ("7" = don"t show mature content, "134" = don"t show unrated and mature content). A value of cookie "content_rating". type: str whitelist: choices: - exempt-av - exempt-webcontent - exempt-activex-java-cookie - exempt-dlp - exempt-rangeblock - extended-log-others description: - FortiGuard whitelist settings. elements: str type: list youtube_restrict: choices: - none - strict - moderate description: - YouTube EDU filter level. type: str type: dict web_antiphishing_log: choices: - enable - disable description: - Enable/disable logging of AntiPhishing checks. type: str web_content_log: choices: - enable - disable description: - Enable/disable logging logging blocked web content. type: str web_extended_all_action_log: choices: - enable - disable description: - Enable/disable extended any filter action logging for web filtering. type: str web_filter_activex_log: choices: - enable - disable description: - Enable/disable logging ActiveX. type: str web_filter_applet_log: choices: - enable - disable description: - Enable/disable logging Java applets. type: str web_filter_command_block_log: choices: - enable - disable description: - Enable/disable logging blocked commands. type: str web_filter_cookie_log: choices: - enable - disable description: - Enable/disable logging cookie filtering. type: str web_filter_cookie_removal_log: choices: - enable - disable description: - Enable/disable logging blocked cookies. type: str web_filter_js_log: choices: - enable - disable description: - Enable/disable logging Java scripts. type: str web_filter_jscript_log: choices: - enable - disable description: - Enable/disable logging JScripts. type: str web_filter_referer_log: choices: - enable - disable description: - Enable/disable logging referrers. type: str web_filter_unknown_log: choices: - enable - disable description: - Enable/disable logging unknown scripts. 
type: str web_filter_vbs_log: choices: - enable - disable description: - Enable/disable logging VBS scripts. type: str web_flow_log_encoding: choices: - utf-8 - punycode description: - Log encoding in flow mode. type: str web_ftgd_err_log: choices: - enable - disable description: - Enable/disable logging rating errors. type: str web_ftgd_quota_usage: choices: - enable - disable description: - Enable/disable logging daily quota usage. type: str web_invalid_domain_log: choices: - enable - disable description: - Enable/disable logging invalid domain names. type: str web_url_log: choices: - enable - disable description: - Enable/disable logging URL filtering. type: str wisp: choices: - enable - disable description: - Enable/disable web proxy WISP. type: str wisp_algorithm: choices: - primary-secondary - round-robin - auto-learning description: - WISP server selection algorithm. type: str wisp_servers: description: - WISP servers. elements: dict suboptions: name: description: - Server name. Source web-proxy.wisp.name. required: true type: str type: list youtube_channel_filter: description: - YouTube channel filter. elements: dict suboptions: channel_id: description: - YouTube channel ID to be filtered. type: str comment: description: - Comment. type: str id: description: - ID. see <a href='#notes'>Notes</a>. required: true type: int type: list youtube_channel_status: choices: - disable - blacklist - whitelist description: - YouTube channel filter status. type: str type: dict
build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str