community.fortios.fmgr_secprof_waf – FortiManager web application firewall security profile
community.fortios.fmgr_secprof_waf – FortiManager web application firewall security profile
Note
This plugin is part of the community.fortios collection (version 1.0.0).
To install it use: ansible-galaxy collection install community.fortios.
To use it in a playbook, specify: community.fortios.fmgr_secprof_waf.
Synopsis
- Manage web application firewall security profiles for FGTs via FMG
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
address_list string |
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS | |
|
address_list_blocked_address string |
Blocked address. | |
|
address_list_blocked_log string |
|
Enable/disable logging on blocked addresses. choice | disable | Disable setting. choice | enable | Enable setting. |
|
address_list_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
|
address_list_status string |
|
Status. choice | disable | Disable setting. choice | enable | Enable setting. |
|
address_list_trusted_address string |
Trusted address. | |
|
adom string |
Default: "root" |
The ADOM the configuration should belong to. |
|
comment string |
Comment. | |
|
constraint string |
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS | |
|
constraint_content_length_action string |
|
Action. choice | allow | Allow. choice | block | Block. |
|
constraint_content_length_length string |
Length of HTTP content in bytes (0 to 2147483647). | |
|
constraint_content_length_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_content_length_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
|
constraint_content_length_status string |
|
Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_exception_address string |
Host address. | |
|
constraint_exception_content_length string |
|
HTTP content length in request. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_exception_header_length string |
|
HTTP header length in request. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_exception_hostname string |
|
Enable/disable hostname check. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_exception_line_length string |
|
HTTP line length in request. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_exception_malformed string |
|
Enable/disable malformed HTTP request check. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_exception_max_cookie string |
|
Maximum number of cookies in HTTP request. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_exception_max_header_line string |
|
Maximum number of HTTP header line. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_exception_max_range_segment string |
|
Maximum number of range segments in HTTP range line. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_exception_max_url_param string |
|
Maximum number of parameters in URL. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_exception_method string |
|
Enable/disable HTTP method check. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_exception_param_length string |
|
Maximum length of parameter in URL, HTTP POST request or HTTP body. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_exception_pattern string |
URL pattern. | |
|
constraint_exception_regex string |
|
Enable/disable regular expression based pattern match. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_exception_url_param_length string |
|
Maximum length of parameter in URL. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_exception_version string |
|
Enable/disable HTTP version check. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_header_length_action string |
|
Action. choice | allow | Allow. choice | block | Block. |
|
constraint_header_length_length string |
Length of HTTP header in bytes (0 to 2147483647). | |
|
constraint_header_length_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_header_length_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
|
constraint_header_length_status string |
|
Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_hostname_action string |
|
Action for a hostname constraint. choice | allow | Allow. choice | block | Block. |
|
constraint_hostname_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_hostname_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
|
constraint_hostname_status string |
|
Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_line_length_action string |
|
Action. choice | allow | Allow. choice | block | Block. |
|
constraint_line_length_length string |
Length of HTTP line in bytes (0 to 2147483647). | |
|
constraint_line_length_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_line_length_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
|
constraint_line_length_status string |
|
Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_malformed_action string |
|
Action. choice | allow | Allow. choice | block | Block. |
|
constraint_malformed_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_malformed_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
|
constraint_malformed_status string |
|
Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_max_cookie_action string |
|
Action. choice | allow | Allow. choice | block | Block. |
|
constraint_max_cookie_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_max_cookie_max_cookie string |
Maximum number of cookies in HTTP request (0 to 2147483647). | |
|
constraint_max_cookie_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
|
constraint_max_cookie_status string |
|
Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_max_header_line_action string |
|
Action. choice | allow | Allow. choice | block | Block. |
|
constraint_max_header_line_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_max_header_line_max_header_line string |
Maximum number HTTP header lines (0 to 2147483647). | |
|
constraint_max_header_line_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
|
constraint_max_header_line_status string |
|
Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_max_range_segment_action string |
|
Action. choice | allow | Allow. choice | block | Block. |
|
constraint_max_range_segment_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_max_range_segment_max_range_segment string |
Maximum number of range segments in HTTP range line (0 to 2147483647). | |
|
constraint_max_range_segment_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
|
constraint_max_range_segment_status string |
|
Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_max_url_param_action string |
|
Action. choice | allow | Allow. choice | block | Block. |
|
constraint_max_url_param_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_max_url_param_max_url_param string |
Maximum number of parameters in URL (0 to 2147483647). | |
|
constraint_max_url_param_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
|
constraint_max_url_param_status string |
|
Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_method_action string |
|
Action. choice | allow | Allow. choice | block | Block. |
|
constraint_method_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_method_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
|
constraint_method_status string |
|
Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_param_length_action string |
|
Action. choice | allow | Allow. choice | block | Block. |
|
constraint_param_length_length string |
Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647). | |
|
constraint_param_length_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_param_length_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
|
constraint_param_length_status string |
|
Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_url_param_length_action string |
|
Action. choice | allow | Allow. choice | block | Block. |
|
constraint_url_param_length_length string |
Maximum length of URL parameter in bytes (0 to 2147483647). | |
|
constraint_url_param_length_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_url_param_length_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
|
constraint_url_param_length_status string |
|
Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_version_action string |
|
Action. choice | allow | Allow. choice | block | Block. |
|
constraint_version_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
constraint_version_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
|
constraint_version_status string |
|
Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
|
extended_log string |
|
Enable/disable extended logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
external string |
|
Disable/Enable external HTTP Inspection. choice | disable | Disable external inspection. choice | enable | Enable external inspection. |
|
method string |
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS | |
|
method_default_allowed_methods string |
|
Methods. FLAG Based Options. Specify multiple in list form. flag | delete | HTTP DELETE method. flag | get | HTTP GET method. flag | head | HTTP HEAD method. flag | options | HTTP OPTIONS method. flag | post | HTTP POST method. flag | put | HTTP PUT method. flag | trace | HTTP TRACE method. flag | others | Other HTTP methods. flag | connect | HTTP CONNECT method. |
|
method_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
method_method_policy_address string |
Host address. | |
|
method_method_policy_allowed_methods string |
|
Allowed Methods. FLAG Based Options. Specify multiple in list form. flag | delete | HTTP DELETE method. flag | get | HTTP GET method. flag | head | HTTP HEAD method. flag | options | HTTP OPTIONS method. flag | post | HTTP POST method. flag | put | HTTP PUT method. flag | trace | HTTP TRACE method. flag | others | Other HTTP methods. flag | connect | HTTP CONNECT method. |
|
method_method_policy_pattern string |
URL pattern. | |
|
method_method_policy_regex string |
|
Enable/disable regular expression based pattern match. choice | disable | Disable setting. choice | enable | Enable setting. |
|
method_severity string |
|
Severity. choice | low | low severity choice | medium | medium severity choice | high | High severity |
|
method_status string |
|
Status. choice | disable | Disable setting. choice | enable | Enable setting. |
|
mode string |
|
Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values |
|
name string |
WAF Profile name. | |
|
signature string |
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS | |
|
signature_credit_card_detection_threshold string |
The minimum number of Credit cards to detect violation. | |
|
signature_custom_signature_action string |
|
Action. choice | allow | Allow. choice | block | Block. choice | erase | Erase credit card numbers. |
|
signature_custom_signature_case_sensitivity string |
|
Case sensitivity in pattern. choice | disable | Case insensitive in pattern. choice | enable | Case sensitive in pattern. |
|
signature_custom_signature_direction string |
|
Traffic direction. choice | request | Match HTTP request. choice | response | Match HTTP response. |
|
signature_custom_signature_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
signature_custom_signature_name string |
Signature name. | |
|
signature_custom_signature_pattern string |
Match pattern. | |
|
signature_custom_signature_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
|
signature_custom_signature_status string |
|
Status. choice | disable | Disable setting. choice | enable | Enable setting. |
|
signature_custom_signature_target string |
|
Match HTTP target. FLAG Based Options. Specify multiple in list form. flag | arg | HTTP arguments. flag | arg-name | Names of HTTP arguments. flag | req-body | HTTP request body. flag | req-cookie | HTTP request cookies. flag | req-cookie-name | HTTP request cookie names. flag | req-filename | HTTP request file name. flag | req-header | HTTP request headers. flag | req-header-name | HTTP request header names. flag | req-raw-uri | Raw URI of HTTP request. flag | req-uri | URI of HTTP request. flag | resp-body | HTTP response body. flag | resp-hdr | HTTP response headers. flag | resp-status | HTTP response status. |
|
signature_disabled_signature string |
Disabled signatures | |
|
signature_disabled_sub_class string |
Disabled signature subclasses. | |
|
signature_main_class_action string |
|
Action. choice | allow | Allow. choice | block | Block. choice | erase | Erase credit card numbers. |
|
signature_main_class_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
signature_main_class_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
|
signature_main_class_status string |
|
Status. choice | disable | Disable setting. choice | enable | Enable setting. |
|
url_access string |
EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS | |
|
url_access_access_pattern_negate string |
|
Enable/disable match negation. choice | disable | Disable setting. choice | enable | Enable setting. |
|
url_access_access_pattern_pattern string |
URL pattern. | |
|
url_access_access_pattern_regex string |
|
Enable/disable regular expression based pattern match. choice | disable | Disable setting. choice | enable | Enable setting. |
|
url_access_access_pattern_srcaddr string |
Source address. | |
|
url_access_action string |
|
Action. choice | bypass | Allow the HTTP request, also bypass further WAF scanning. choice | permit | Allow the HTTP request, and continue further WAF scanning. choice | block | Block HTTP request. |
|
url_access_address string |
Host address. | |
|
url_access_log string |
|
Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
|
url_access_severity string |
|
Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
Notes
Examples
- name: DELETE Profile
community.fortios.fmgr_secprof_waf:
name: "Ansible_WAF_Profile"
comment: "Created by Ansible Module TEST"
mode: "delete"
- name: CREATE Profile
community.fortios.fmgr_secprof_waf:
name: "Ansible_WAF_Profile"
comment: "Created by Ansible Module TEST"
mode: "set"Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
api_result string |
always |
full API response, includes status code and message
|
Authors
- Luke Weighall (@lweighall)
- Andrew Welsh (@Ghilli3)
- Jim Huber (@p4r4n0y1ng)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/fortios/fmgr_secprof_waf_module.html
