f5networks.f5_modules.bigip_profile_http – Manage HTTP profiles on a BIG-IP
f5networks.f5_modules.bigip_profile_http – Manage HTTP profiles on a BIG-IP
Note
This plugin is part of the f5networks.f5_modules collection (version 1.7.1).
To install it use: ansible-galaxy collection install f5networks.f5_modules
.
To use it in a playbook, specify: f5networks.f5_modules.bigip_profile_http
.
New in version 1.0.0: of f5networks.f5_modules
Synopsis
- Manage HTTP profiles on a BIG-IP device.
Parameters
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
accept_xff boolean |
|
Enables or disables trusting the client IP address, and statistics from the client IP address, based on the request's XFF (X-forwarded-for) headers, if they exist. When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
description string |
Description of the profile. | ||
dns_resolver string |
Specifies the name of a configured DNS resolver, this option is mandatory when Format of the name can be either be prepended by partition ( To remove the entry, you can set a value of | ||
encrypt_cookie_secret string |
Passphrase for cookie encryption. When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | ||
encrypt_cookies list / elements=string |
Cookie names for the system to encrypt. To remove the entry completely, set a value of When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | ||
enforcement dictionary |
Specifies protocol enforcement settings for the HTTP profile. When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | ||
excess_client_headers string |
|
Specifies the behavior when too many client headers are received. If set to When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
excess_server_headers string |
|
Specifies the behavior when too many server headers are received. If set to When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
known_methods list / elements=string |
Specifies which HTTP methods count as being known, removing RFC-defined methods from this list will cause the HTTP filter to not recognize them. The default list provided with the system include: The When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | ||
max_header_count string |
Specifies the maximum number of headers allowed in HTTP request/response. The valid value range is between 16 and 4096 inclusive. When set to When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | ||
max_header_size string |
Specifies the maximum header size specified in bytes. The valid value range is between 0 and 4294967295 inclusive. When set to When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | ||
max_requests string |
Specifies the number of requests the system accepts on a per-connection basis. The valid value range is between 0 and 4294967295 inclusive. When set to When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | ||
oversize_client_headers string |
|
Specifies the behavior when too-large client headers are received. If set to When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
oversize_server_headers string |
|
Specifies the behavior when too-large server headers are received. If set to When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
pipeline string |
|
Enables HTTP/1.1 pipelining, allowing clients to make requests even when prior requests have not received a response. In order for this to succeed, destination servers must include support for pipelining. If set to When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
truncated_redirects boolean |
|
Specifies what happens if a truncated redirect is seen from a server. If When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
unknown_method string |
|
Specifies whether to allow, reject or switch to pass-through mode when an unknown HTTP method is parsed. When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
fallback_host string |
Specifies an HTTP fallback host. When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | ||
fallback_status_codes list / elements=string |
Specifies one or more HTTP error codes from server responses that should trigger a redirection to the fallback host. The accepted valid error codes are as defined by RFC2616. The codes can be specified as individual items or as valid ranges, for example Mixing response code range across error types is invalid, for example defining When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | ||
header_erase string |
The name of a header in an HTTP request, which the system removes from request. To remove the entry completely, set a value of The format of the header must be in When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | ||
header_insert string |
A string the system inserts as a header in an HTTP request. To remove the entry completely, set a value of The format of the header must be in When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | ||
hsts_mode boolean |
|
When set to When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
include_subdomains boolean |
|
When set to When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
insert_xforwarded_for boolean |
|
Specifies the system inserts an X-Forwarded-For header in an HTTP request with the client IP address, to use with connection pooling. When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
maximum_age string |
Specifies the maximum length of time, in seconds, that HSTS functionality requests clients only use HTTPS to connect to the current host and any sub-domains of the current host's domain name. The accepted value range is When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | ||
name string / required |
Specifies the name of the profile. | ||
oneconnect_transformations boolean |
|
Enables the system to perform HTTP header transformations for keeping server-side connections open. This feature requires a OneConnect profile. When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
parent string |
Specifies the profile from which this profile inherits settings. When creating a new profile, if this parameter is not specified, the default is the system-supplied | ||
partition string |
Default: "Common" |
Device partition to manage resources on. | |
provider dictionary added in 1.0.0 of f5networks.f5_modules |
A dict object containing connection details. | ||
auth_provider string |
Configures the auth provider for to obtain authentication tokens from the remote device. This option is really used when working with BIG-IQ devices. | ||
no_f5_teem boolean |
|
If You may omit this option by setting the environment variable | |
password string / required |
The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable
| ||
server string / required |
The BIG-IP host. You may omit this option by setting the environment variable | ||
server_port integer |
Default: 443 |
The BIG-IP server port. You may omit this option by setting the environment variable | |
timeout integer |
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error. | ||
transport string |
|
Configures the transport connection to use when connecting to the remote device. | |
user string / required |
The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable | ||
validate_certs boolean |
|
If You may omit this option by setting the environment variable | |
proxy_type string |
|
Specifies the proxy mode for the profile. When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
redirect_rewrite string |
|
Specifies whether the system rewrites the URIs that are part of HTTP redirect (3XX) responses. When set to When set to When set to When set to When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
request_chunking string |
|
Specifies how to handle chunked and unchunked requests. When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
response_chunking string |
|
Specifies how to handle chunked and unchunked responses. When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
server_agent_name string |
Specifies the string used as the server name in traffic generated by BIG-IP. To remove the entry completely, set a value of When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | ||
sflow dictionary |
Specifies sFlow settings for the HTTP profile. When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | ||
poll_interval integer |
Specifies the maximum interval in seconds between two pollings. The valid value range is between 0 and 4294967295 seconds inclusive. For this setting to take effect the When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | ||
poll_interval_global boolean |
|
Specifies whether the global HTTP poll-interval setting overrides the object-level When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
sampling_rate integer |
Specifies the ratio of packets observed to the samples generated. For example, a sampling rate of The valid value range is between 0 and 4294967295 packets inclusive. For this setting to take effect the When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | ||
sampling_rate_global boolean |
|
Specifies whether the global HTTP sampling-rate setting overrides the object-level sampling-rate setting. When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. | |
state string |
|
When When | |
update_password string |
|
| |
xff_alternative_names list / elements=string |
Specifies alternative XFF headers instead of the default X-forwarded-for header. When creating a new profile, if this parameter is not specified, the default is provided by the parent profile. |
Notes
Note
- For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
- Requires BIG-IP software version >= 12.
- The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the f5networks.f5_modules.bigip_config module to save the running configuration. Refer to the module’s documentation for the correct usage of the module to save your running configuration.
Examples
- name: Create HTTP profile
bigip_profile_http:
name: my_profile
insert_xforwarded_for: yes
redirect_rewrite: all
state: present
provider:
user: admin
password: secret
server: lb.mydomain.com
delegate_to: localhost
- name: Remove HTTP profile
bigip_profile_http:
name: my_profile
state: absent
provider:
server: lb.mydomain.com
user: admin
password: secret
delegate_to: localhost
- name: Add HTTP profile for transparent proxy
bigip_profile_http:
name: my_profile
proxy_type: transparent
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description | |
---|---|---|---|
accept_xff boolean |
changed |
Enables or disables trusting the client IP address and statistics from the client IP address.
Sample: True | |
description string |
changed |
Description of the profile.
Sample: My profile | |
dns_resolver string |
changed |
Configured dns resolver.
Sample: /Common/FooBar | |
encrypt_cookies list / elements=string |
changed |
Cookie names to encrypt.
Sample: ['MyCookie1', 'MyCookie2'] | |
enforcement complex |
changed |
Specifies protocol enforcement settings for the HTTP profile.
Sample: hash/dictionary of values | |
excess_server_headers string |
changed |
Specifies the behavior when too many server headers are received.
Sample: pass-through | |
known_methods list / elements=string |
changed |
The list of known HTTP methods.
Sample: ['default', 'FOO', 'BAR'] | |
max_header_count string |
changed |
The maximum number of headers allowed in HTTP request/response.
Sample: 4096 | |
max_header_size string |
changed |
The maximum header size specified in bytes.
Sample: default | |
max_requests string |
changed |
The number of requests the system accepts on a per-connection basis.
Sample: default | |
oversize_client_headers string |
changed |
Specifies the behavior when too-large client headers are received.
Sample: reject | |
oversize_server_headers string |
changed |
Specifies the behavior when too-large server headers are received.
Sample: reject | |
pipeline string |
changed |
Allows, rejects. or switches to pass-through mode when dealing with pipelined data.
Sample: allow | |
truncated_redirects boolean |
changed |
Specifies what happens if a truncated redirect is seen from a server.
Sample: True | |
unknown_method string |
changed |
Allows, rejects. or switches to pass-through mode when an unknown HTTP method is parsed.
Sample: allow | |
fallback_host string |
changed |
Specifies an HTTP fallback host.
Sample: foobar.com | |
fallback_status_codes list / elements=string |
changed |
HTTP error codes from server responses that should trigger a redirection to the fallback host.
Sample: ['400-404', '500', '501'] | |
header_erase string |
changed |
The name of a header in an HTTP request, which the system removes from request.
Sample: FOO:BAR | |
header_insert string |
changed |
The string the system inserts as a header in an HTTP request.
Sample: FOO:BAR | |
hsts_mode boolean |
changed |
Enables the HSTS settings.
| |
include_subdomains boolean |
changed |
Applies the HSTS policy to the HSTS host and its sub-domains.
Sample: True | |
insert_xforwarded_for boolean |
changed |
Insert X-Forwarded-For-Header.
Sample: True | |
maximum_age string |
changed |
The maximum length of time, in seconds, that HSTS functionality requests that clients only use HTTPS.
Sample: indefinite | |
oneconnect_transformations boolean |
changed |
Enables or disables HTTP header transformations.
| |
parent string |
changed |
Specifies the profile from which this profile inherits settings.
Sample: /Common/http | |
proxy_type string |
changed |
Specify proxy mode of the profile.
Sample: explicit | |
redirect_rewrite string |
changed |
Rewrite URI that are part of 3xx responses.
Sample: all | |
request_chunking string |
changed |
Specifies how to handle chunked and unchunked requests.
Sample: rechunk | |
response_chunking string |
changed |
Specifies how to handle chunked and unchunked responses.
Sample: rechunk | |
server_agent_name string |
changed |
The string used as the server name in traffic generated by BIG-IP.
Sample: foobar | |
sflow complex |
changed |
Specifies sFlow settings for the HTTP profile.
Sample: hash/dictionary of values | |
poll_interval integer |
changed |
Specifies the maximum interval in seconds between two pollings.
Sample: 30 | |
poll_interval_global boolean |
changed |
Enables/Disables overriding HTTP poll-interval setting.
Sample: True | |
sampling_rate integer |
changed |
Specifies the ratio of packets observed to the samples generated.
Sample: 2000 | |
sampling_rate_global boolean |
changed |
Enables/Disables overriding HTTP sampling-rate setting.
Sample: True | |
xff_alternative_names list / elements=string |
changed |
Specifies alternative XFF headers instead of the default X-forwarded-for header.
Sample: ['FooBar', 'client1'] |
Authors
- Wojciech Wypior (@wojtek0806)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/f5networks/f5_modules/bigip_profile_http_module.html