community.fortios.fmgr_secprof_web – Manage web filter security profiles in FortiManager
Note
This plugin is part of the community.fortios collection (version 1.0.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.fortios.
To use it in a playbook, specify: community.fortios.fmgr_secprof_web.
Synopsis
- Manage web filter security profiles in FortiManager through playbooks using the FMG API
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
adom string | Default: "root" | The ADOM the configuration should belong to. |
comment string | | Optional comments. |
extended_log string | Choices: disable, enable | Enable/disable extended logging for web filtering. disable: Disable setting. enable: Enable setting. |
ftgd_wf string | | EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS. |
ftgd_wf_exempt_quota string | | Do not stop quota for these categories. |
ftgd_wf_filters_action string | Choices: block, monitor, warning, authenticate | Action to take for matches. block: Block access. monitor: Allow access while logging the action. warning: Allow access after warning the user. authenticate: Authenticate user before allowing access. |
ftgd_wf_filters_auth_usr_grp string | | Groups with permission to authenticate. |
ftgd_wf_filters_category string | | Categories and groups the filter examines. |
ftgd_wf_filters_log string | Choices: disable, enable | Enable/disable logging. disable: Disable setting. enable: Enable setting. |
ftgd_wf_filters_override_replacemsg string | | Override replacement message. |
ftgd_wf_filters_warn_duration string | | Duration of warnings. |
ftgd_wf_filters_warning_duration_type string | Choices: session, timeout | Re-display warning after closing browser or after a timeout. session: After session ends. timeout: After timeout occurs. |
ftgd_wf_filters_warning_prompt string | Choices: per-domain, per-category | Warning prompts in each category or each domain. per-domain: Per-domain warnings. per-category: Per-category warnings. |
ftgd_wf_max_quota_timeout string | | Maximum FortiGuard quota used by single page view in seconds (excludes streams). |
ftgd_wf_options string | Flags: error-allow, rate-server-ip, connect-request-bypass, ftgd-disable | Options for FortiGuard Web Filter. FLAG Based Options. Specify multiple in list form. error-allow: Allow web pages with a rating error to pass through. rate-server-ip: Rate the server IP in addition to the domain name. connect-request-bypass: Bypass connection which has CONNECT request. ftgd-disable: Disable FortiGuard scanning. |
ftgd_wf_ovrd string | | Allow web filter profile overrides. |
ftgd_wf_quota_category string | | FortiGuard categories to apply quota to (category action must be set to monitor). |
ftgd_wf_quota_duration string | | Duration of quota. |
ftgd_wf_quota_override_replacemsg string | | Override replacement message. |
ftgd_wf_quota_type string | Choices: time, traffic | Quota type. time: Use a time-based quota. traffic: Use a traffic-based quota. |
ftgd_wf_quota_unit string | Choices: B, KB, MB, GB | Traffic quota unit of measurement. B: Quota in bytes. KB: Quota in kilobytes. MB: Quota in megabytes. GB: Quota in gigabytes. |
ftgd_wf_quota_value string | | Traffic quota value. |
ftgd_wf_rate_crl_urls string | Choices: disable, enable | Enable/disable rating CRL by URL. disable: Disable rating CRL by URL. enable: Enable rating CRL by URL. |
ftgd_wf_rate_css_urls string | Choices: disable, enable | Enable/disable rating CSS by URL. disable: Disable rating CSS by URL. enable: Enable rating CSS by URL. |
ftgd_wf_rate_image_urls string | Choices: disable, enable | Enable/disable rating images by URL. disable: Disable rating images by URL (blocked images are replaced with blanks). enable: Enable rating images by URL (blocked images are replaced with blanks). |
ftgd_wf_rate_javascript_urls string | Choices: disable, enable | Enable/disable rating JavaScript by URL. disable: Disable rating JavaScript by URL. enable: Enable rating JavaScript by URL. |
https_replacemsg string | Choices: disable, enable | Enable replacement messages for HTTPS. disable: Disable setting. enable: Enable setting. |
inspection_mode string | Choices: proxy, flow-based | Web filtering inspection mode. proxy: Proxy. flow-based: Flow based. |
log_all_url string | Choices: disable, enable | Enable/disable logging all URLs visited. disable: Disable setting. enable: Enable setting. |
mode string | | Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values. |
name string | | Profile name. |
options string | Flags: block-invalid-url, jscript, js, vbs, unknown, wf-referer, intrinsic, wf-cookie, per-user-bwl, activexfilter, cookiefilter, javafilter | FLAG Based Options. Specify multiple in list form. block-invalid-url: Block sessions that contain an invalid domain name. jscript: Javascript block. js: JS block. vbs: VB script block. unknown: Unknown script block. wf-referer: Referring block. intrinsic: Intrinsic script block. wf-cookie: Cookie block. per-user-bwl: Per-user black/white list filter. activexfilter: ActiveX filter. cookiefilter: Cookie filter. javafilter: Java applet filter. |
override string | | EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS. |
override_ovrd_cookie string | Choices: deny, allow | Allow/deny browser-based (cookie) overrides. deny: Deny browser-based (cookie) override. allow: Allow browser-based (cookie) override. |
override_ovrd_dur string | | Override duration. |
override_ovrd_dur_mode string | Choices: constant, ask | Override duration mode. constant: Constant mode. ask: Prompt for duration when initiating an override. |
override_ovrd_scope string | Choices: user, user-group, ip, ask, browser | Override scope. user: Override for the user. user-group: Override for the user's group. ip: Override for the initiating IP. ask: Prompt for scope when initiating an override. browser: Create browser-based (cookie) override. |
override_ovrd_user_group string | | User groups with permission to use the override. |
override_profile string | | Web filter profile with permission to create overrides. |
override_profile_attribute string | Choices: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id | Profile attribute to retrieve from the RADIUS server. Each choice: Use this attribute. |
override_profile_type string | Choices: list, radius | Override profile type. list: Profile chosen from list. radius: Profile determined by RADIUS server. |
ovrd_perm string | Flags: bannedword-override, urlfilter-override, fortiguard-wf-override, contenttype-check-override | FLAG Based Options. Specify multiple in list form. bannedword-override: Banned word override. urlfilter-override: URL filter override. fortiguard-wf-override: FortiGuard Web Filter override. contenttype-check-override: Content-type header override. |
post_action string | Choices: normal, block | Action taken for HTTP POST traffic. normal: Normal, POST requests are allowed. block: POST requests are blocked. |
replacemsg_group string | | Replacement message group. |
url_extraction string | | EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS. |
url_extraction_redirect_header string | | HTTP header name to use for client redirect on blocked requests. |
url_extraction_redirect_no_content string | Choices: disable, enable | Enable/disable empty message-body entity in HTTP response. disable: Disable setting. enable: Enable setting. |
url_extraction_redirect_url string | | HTTP header value to use for client redirect on blocked requests. |
url_extraction_server_fqdn string | | URL extraction server FQDN (fully qualified domain name). |
url_extraction_status string | Choices: disable, enable | Enable URL Extraction. disable: Disable setting. enable: Enable setting. |
web string | | EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS. |
web_blacklist string | Choices: disable, enable | Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist. disable: Disable setting. enable: Enable setting. |
web_bword_table string | | Banned word table ID. |
web_bword_threshold string | | Banned word score threshold. |
web_content_header_list string | | Content header list. |
web_content_log string | Choices: disable, enable | Enable/disable logging blocked web content. disable: Disable setting. enable: Enable setting. |
web_extended_all_action_log string | Choices: disable, enable | Enable/disable extended any filter action logging for web filtering. disable: Disable setting. enable: Enable setting. |
web_filter_activex_log string | Choices: disable, enable | Enable/disable logging ActiveX. disable: Disable setting. enable: Enable setting. |
web_filter_applet_log string | Choices: disable, enable | Enable/disable logging Java applets. disable: Disable setting. enable: Enable setting. |
web_filter_command_block_log string | Choices: disable, enable | Enable/disable logging blocked commands. disable: Disable setting. enable: Enable setting. |
web_filter_cookie_log string | Choices: disable, enable | Enable/disable logging cookie filtering. disable: Disable setting. enable: Enable setting. |
web_filter_cookie_removal_log string | Choices: disable, enable | Enable/disable logging blocked cookies. disable: Disable setting. enable: Enable setting. |
web_filter_js_log string | Choices: disable, enable | Enable/disable logging Java scripts. disable: Disable setting. enable: Enable setting. |
web_filter_jscript_log string | Choices: disable, enable | Enable/disable logging JScripts. disable: Disable setting. enable: Enable setting. |
web_filter_referer_log string | Choices: disable, enable | Enable/disable logging referrers. disable: Disable setting. enable: Enable setting. |
web_filter_unknown_log string | Choices: disable, enable | Enable/disable logging unknown scripts. disable: Disable setting. enable: Enable setting. |
web_filter_vbs_log string | Choices: disable, enable | Enable/disable logging VBS scripts. disable: Disable setting. enable: Enable setting. |
web_ftgd_err_log string | Choices: disable, enable | Enable/disable logging rating errors. disable: Disable setting. enable: Enable setting. |
web_ftgd_quota_usage string | Choices: disable, enable | Enable/disable logging daily quota usage. disable: Disable setting. enable: Enable setting. |
web_invalid_domain_log string | Choices: disable, enable | Enable/disable logging invalid domain names. disable: Disable setting. enable: Enable setting. |
web_keyword_match string | | Search keywords to log when match is found. |
web_log_search string | Choices: disable, enable | Enable/disable logging all search phrases. disable: Disable setting. enable: Enable setting. |
web_safe_search string | Flags: url, header | Safe search type. FLAG Based Options. Specify multiple in list form. url: Insert safe search string into URL. header: Insert safe search header. |
web_url_log string | Choices: disable, enable | Enable/disable logging URL filtering. disable: Disable setting. enable: Enable setting. |
web_urlfilter_table string | | URL filter table ID. |
web_whitelist string | Flags: exempt-av, exempt-webcontent, exempt-activex-java-cookie, exempt-dlp, exempt-rangeblock, extended-log-others | FortiGuard whitelist settings. FLAG Based Options. Specify multiple in list form. exempt-av: Exempt antivirus. exempt-webcontent: Exempt web content. exempt-activex-java-cookie: Exempt ActiveX-JAVA-Cookie. exempt-dlp: Exempt DLP. exempt-rangeblock: Exempt RangeBlock. extended-log-others: Support extended log. |
web_youtube_restrict string | Choices: strict, none, moderate | YouTube EDU filter level. strict: Strict access for YouTube. none: Full access for YouTube. moderate: Moderate access for YouTube. |
wisp string | Choices: disable, enable | Enable/disable web proxy WISP. disable: Disable web proxy WISP. enable: Enable web proxy WISP. |
wisp_algorithm string | Choices: auto-learning, primary-secondary, round-robin | WISP server selection algorithm. auto-learning: Select the lightest loading healthy server. primary-secondary: Select the first healthy server in order. round-robin: Select the next healthy server. |
wisp_servers string | | WISP servers. |
youtube_channel_filter string | | EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS. |
youtube_channel_filter_channel_id string | | YouTube channel ID to be filtered. |
youtube_channel_filter_comment string | | Comment. |
youtube_channel_status string | Choices: disable, blacklist, whitelist | YouTube channel filter status. disable: Disable YouTube channel filter. blacklist: Block matches. whitelist: Allow matches. |
Notes
Note
- Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.
Examples
```yaml
- name: DELETE Profile
  community.fortios.fmgr_secprof_web:
    name: "Ansible_Web_Filter_Profile"
    mode: "delete"

- name: CREATE Profile
  community.fortios.fmgr_secprof_web:
    name: "Ansible_Web_Filter_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "set"
    extended_log: "enable"
    inspection_mode: "proxy"
    log_all_url: "enable"
    options: "js"
    ovrd_perm: "bannedword-override"
    post_action: "block"
    web_content_log: "enable"
    web_extended_all_action_log: "enable"
    web_filter_activex_log: "enable"
    web_filter_applet_log: "enable"
    web_filter_command_block_log: "enable"
    web_filter_cookie_log: "enable"
    web_filter_cookie_removal_log: "enable"
    web_filter_js_log: "enable"
    web_filter_jscript_log: "enable"
    web_filter_referer_log: "enable"
    web_filter_unknown_log: "enable"
    web_filter_vbs_log: "enable"
    web_ftgd_err_log: "enable"
    web_ftgd_quota_usage: "enable"
    web_invalid_domain_log: "enable"
    web_url_log: "enable"
    wisp: "enable"
    wisp_algorithm: "auto-learning"
    youtube_channel_status: "blacklist"
```
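The parameter table states that submitting a raw object (ftgd_wf, override, url_extraction, web, youtube_channel_filter) causes its prefixed sub-parameters to be ignored, and it documents ftgd_wf_options flags that loosen filtering. The following pre-run check over a task's arguments is an added example, not part of the community.fortios collection; the names RAW_PARENTS, WEAKENING_FLAGS, lint_task and SAMPLE_TASK are hypothetical, and the sample task is constructed.

```python
# Added example, not part of community.fortios: lint fmgr_secprof_web arguments.
# All names here (RAW_PARENTS, WEAKENING_FLAGS, lint_task) are hypothetical.

# Parameters that take raw FortiManager API dictionaries. Per the parameter
# table, when one is submitted its prefixed sub-parameters are ignored.
RAW_PARENTS = ("ftgd_wf", "override", "url_extraction", "web",
               "youtube_channel_filter")

# ftgd_wf_options flags whose documented effect loosens filtering.
WEAKENING_FLAGS = {
    "error-allow": "web pages with a rating error pass through",
    "connect-request-bypass": "connections with a CONNECT request are bypassed",
    "ftgd-disable": "FortiGuard scanning is disabled",
}


def as_list(value):
    """Flag parameters may arrive as a single string or as a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def lint_task(args):
    """Return (kind, parameter, detail) findings for one task's arguments."""
    findings = []
    for parent in RAW_PARENTS:
        if not args.get(parent):
            continue
        for key in sorted(k for k in args if k.startswith(parent + "_")):
            findings.append(("ignored", key, f"dropped because {parent} is set"))
    for flag in as_list(args.get("ftgd_wf_options")):
        if flag in WEAKENING_FLAGS:
            findings.append(("weakens", "ftgd_wf_options",
                             f"{flag}: {WEAKENING_FLAGS[flag]}"))
    return findings


# Constructed sample task; the raw "override" entry is a placeholder, not a
# real FortiManager API key.
SAMPLE_TASK = {
    "name": "Ansible_Web_Filter_Profile",
    "mode": "set",
    "ftgd_wf_options": ["rate-server-ip", "error-allow"],
    "override": [{"<fmgr-api-key>": "<value>"}],
    "override_ovrd_cookie": "deny",
    "override_ovrd_dur_mode": "constant",
}

if __name__ == "__main__":
    for finding in lint_task(SAMPLE_TASK):
        print(*finding, sep=" | ")
```

Running the check in CI against parsed playbook tasks surfaces settings such as override_ovrd_cookie that would otherwise be dropped without an error.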
Return Values
Common return values are documented here; the following fields are unique to this module:
Key | Returned | Description |
---|---|---|
api_result string | always | full API response, includes status code and message |
Authors
- Luke Weighall (@lweighall)
- Andrew Welsh (@Ghilli3)
- Jim Huber (@p4r4n0y1ng)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/fortios/fmgr_secprof_web_module.html