bigip_asm_policy_signature_set – Manages Signature Sets on ASM policy
bigip_asm_policy_signature_set – Manages Signature Sets on ASM policy
New in version 2.8.
Synopsis
- Manages Signature Sets on ASM policy.
Parameters
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
alarm boolean |
|
Specifies if the security policy logs the request data in the Statistics screen, when a request matches a signature that is included in the signature set. | |
block boolean |
|
Effective when the security policy`s enforcement mode is Blocking. Determines how the system treats requests that match a signature included in the signature set. When When | |
learn boolean |
|
Specifies if the security policy learns all requests that match a signature that is included in the signature set. | |
name string / required |
Specifies the name of the signature sets to apply on or remove from the ASM policy. Apart from built-in signature sets that ship with the device, users can use user created signature sets. When When When When When When When When When When When When When When When When When When When When When When When When When When When | ||
partition string |
Default: "Common" |
This parameter is only used when identifying ASM policy. | |
password string / required |
The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable
| ||
policy_name string / required |
Specifies the name of an existing ASM policy to add or remove signature sets. | ||
provider dictionary added in 2.5 |
A dict object containing connection details. | ||
password string / required |
The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable
| ||
server string / required |
The BIG-IP host. You may omit this option by setting the environment variable | ||
server_port integer |
Default: 443 |
The BIG-IP server port. You may omit this option by setting the environment variable | |
ssh_keyfile path |
Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for cli transports. You may omit this option by setting the environment variable | ||
timeout integer |
Default: 10 |
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error. | |
transport string |
|
Configures the transport connection to use when connecting to the remote device. | |
user string / required |
The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable | ||
validate_certs boolean |
|
If You may omit this option by setting the environment variable | |
server string / required |
The BIG-IP host. You may omit this option by setting the environment variable | ||
server_port integer added in 2.2 |
Default: 443 |
The BIG-IP server port. You may omit this option by setting the environment variable | |
state string |
|
When When | |
user string / required |
The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable | ||
validate_certs boolean added in 2.0 |
|
If You may omit this option by setting the environment variable |
Notes
Note
- This module is primarily used as a component of configuring ASM policy in Ansible Galaxy ASM Policy Role.
- For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
- Requires BIG-IP software version >= 12.
- The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the bigip_config module to save the running configuration. Refer to the module’s documentation for the correct usage of the module to save your running configuration.
Examples
- name: Add Signature Set to ASM Policy
bigip_asm_policy_signature_set:
name: IIS and Windows Signatures
policy_name: FooPolicy
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Remove Signature Set to ASM Policy
bigip_asm_policy_signature_set:
name: IIS and Windows Signatures
policy_name: FooPolicy
state: absent
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
alarm boolean |
changed |
Specifies whether the security policy logs the request data in the Statistics screen
Sample: True |
block boolean |
changed |
Determines how the system treats requests that match a signature included in the signature set
|
learn boolean |
changed |
Specifies if the policy learns all requests that match a signature that is included in the signature set
Sample: True |
name string |
changed |
The name of Signature Set added/removed on ASM policy
Sample: Cisco Signatures |
policy_name string |
changed |
The name of the ASM policy
Sample: FooPolicy |
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by an Ansible Partner. [certified]
Authors
- Wojciech Wypior (@wojtek0806)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/bigip_asm_policy_signature_set_module.html