fmgr_secprof_waf – FortiManager web application firewall security profile
New in version 2.8.
Synopsis
- Manage web application firewall security profiles for FGTs via FMG
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
address_list - | EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS | |
address_list_blocked_address - | Blocked address. | |
address_list_blocked_log - |
| Enable/disable logging on blocked addresses. choice | disable | Disable setting. choice | enable | Enable setting. |
address_list_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
address_list_status - |
| Status. choice | disable | Disable setting. choice | enable | Enable setting. |
address_list_trusted_address - | Trusted address. | |
adom - | Default: "root" | The ADOM the configuration should belong to. |
comment - | Comment. | |
constraint - | EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS | |
constraint_content_length_action - |
| Action. choice | allow | Allow. choice | block | Block. |
constraint_content_length_length - | Length of HTTP content in bytes (0 to 2147483647). | |
constraint_content_length_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_content_length_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
constraint_content_length_status - |
| Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_exception_address - | Host address. | |
constraint_exception_content_length - |
| HTTP content length in request. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_exception_header_length - |
| HTTP header length in request. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_exception_hostname - |
| Enable/disable hostname check. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_exception_line_length - |
| HTTP line length in request. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_exception_malformed - |
| Enable/disable malformed HTTP request check. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_exception_max_cookie - |
| Maximum number of cookies in HTTP request. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_exception_max_header_line - |
| Maximum number of HTTP header line. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_exception_max_range_segment - |
| Maximum number of range segments in HTTP range line. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_exception_max_url_param - |
| Maximum number of parameters in URL. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_exception_method - |
| Enable/disable HTTP method check. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_exception_param_length - |
| Maximum length of parameter in URL, HTTP POST request or HTTP body. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_exception_pattern - | URL pattern. | |
constraint_exception_regex - |
| Enable/disable regular expression based pattern match. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_exception_url_param_length - |
| Maximum length of parameter in URL. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_exception_version - |
| Enable/disable HTTP version check. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_header_length_action - |
| Action. choice | allow | Allow. choice | block | Block. |
constraint_header_length_length - | Length of HTTP header in bytes (0 to 2147483647). | |
constraint_header_length_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_header_length_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
constraint_header_length_status - |
| Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_hostname_action - |
| Action for a hostname constraint. choice | allow | Allow. choice | block | Block. |
constraint_hostname_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_hostname_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
constraint_hostname_status - |
| Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_line_length_action - |
| Action. choice | allow | Allow. choice | block | Block. |
constraint_line_length_length - | Length of HTTP line in bytes (0 to 2147483647). | |
constraint_line_length_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_line_length_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
constraint_line_length_status - |
| Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_malformed_action - |
| Action. choice | allow | Allow. choice | block | Block. |
constraint_malformed_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_malformed_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
constraint_malformed_status - |
| Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_max_cookie_action - |
| Action. choice | allow | Allow. choice | block | Block. |
constraint_max_cookie_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_max_cookie_max_cookie - | Maximum number of cookies in HTTP request (0 to 2147483647). | |
constraint_max_cookie_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
constraint_max_cookie_status - |
| Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_max_header_line_action - |
| Action. choice | allow | Allow. choice | block | Block. |
constraint_max_header_line_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_max_header_line_max_header_line - | Maximum number HTTP header lines (0 to 2147483647). | |
constraint_max_header_line_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
constraint_max_header_line_status - |
| Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_max_range_segment_action - |
| Action. choice | allow | Allow. choice | block | Block. |
constraint_max_range_segment_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_max_range_segment_max_range_segment - | Maximum number of range segments in HTTP range line (0 to 2147483647). | |
constraint_max_range_segment_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
constraint_max_range_segment_status - |
| Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_max_url_param_action - |
| Action. choice | allow | Allow. choice | block | Block. |
constraint_max_url_param_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_max_url_param_max_url_param - | Maximum number of parameters in URL (0 to 2147483647). | |
constraint_max_url_param_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
constraint_max_url_param_status - |
| Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_method_action - |
| Action. choice | allow | Allow. choice | block | Block. |
constraint_method_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_method_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
constraint_method_status - |
| Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_param_length_action - |
| Action. choice | allow | Allow. choice | block | Block. |
constraint_param_length_length - | Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647). | |
constraint_param_length_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_param_length_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
constraint_param_length_status - |
| Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_url_param_length_action - |
| Action. choice | allow | Allow. choice | block | Block. |
constraint_url_param_length_length - | Maximum length of URL parameter in bytes (0 to 2147483647). | |
constraint_url_param_length_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_url_param_length_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
constraint_url_param_length_status - |
| Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_version_action - |
| Action. choice | allow | Allow. choice | block | Block. |
constraint_version_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
constraint_version_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
constraint_version_status - |
| Enable/disable the constraint. choice | disable | Disable setting. choice | enable | Enable setting. |
extended_log - |
| Enable/disable extended logging. choice | disable | Disable setting. choice | enable | Enable setting. |
external - |
| Disable/Enable external HTTP Inspection. choice | disable | Disable external inspection. choice | enable | Enable external inspection. |
method - | EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS | |
method_default_allowed_methods - |
| Methods. FLAG Based Options. Specify multiple in list form. flag | delete | HTTP DELETE method. flag | get | HTTP GET method. flag | head | HTTP HEAD method. flag | options | HTTP OPTIONS method. flag | post | HTTP POST method. flag | put | HTTP PUT method. flag | trace | HTTP TRACE method. flag | others | Other HTTP methods. flag | connect | HTTP CONNECT method. |
method_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
method_method_policy_address - | Host address. | |
method_method_policy_allowed_methods - |
| Allowed Methods. FLAG Based Options. Specify multiple in list form. flag | delete | HTTP DELETE method. flag | get | HTTP GET method. flag | head | HTTP HEAD method. flag | options | HTTP OPTIONS method. flag | post | HTTP POST method. flag | put | HTTP PUT method. flag | trace | HTTP TRACE method. flag | others | Other HTTP methods. flag | connect | HTTP CONNECT method. |
method_method_policy_pattern - | URL pattern. | |
method_method_policy_regex - |
| Enable/disable regular expression based pattern match. choice | disable | Disable setting. choice | enable | Enable setting. |
method_severity - |
| Severity. choice | low | low severity choice | medium | medium severity choice | high | High severity |
method_status - |
| Status. choice | disable | Disable setting. choice | enable | Enable setting. |
mode - |
| Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values |
name - | WAF Profile name. | |
signature - | EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS | |
signature_credit_card_detection_threshold - | The minimum number of Credit cards to detect violation. | |
signature_custom_signature_action - |
| Action. choice | allow | Allow. choice | block | Block. choice | erase | Erase credit card numbers. |
signature_custom_signature_case_sensitivity - |
| Case sensitivity in pattern. choice | disable | Case insensitive in pattern. choice | enable | Case sensitive in pattern. |
signature_custom_signature_direction - |
| Traffic direction. choice | request | Match HTTP request. choice | response | Match HTTP response. |
signature_custom_signature_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
signature_custom_signature_name - | Signature name. | |
signature_custom_signature_pattern - | Match pattern. | |
signature_custom_signature_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
signature_custom_signature_status - |
| Status. choice | disable | Disable setting. choice | enable | Enable setting. |
signature_custom_signature_target - |
| Match HTTP target. FLAG Based Options. Specify multiple in list form. flag | arg | HTTP arguments. flag | arg-name | Names of HTTP arguments. flag | req-body | HTTP request body. flag | req-cookie | HTTP request cookies. flag | req-cookie-name | HTTP request cookie names. flag | req-filename | HTTP request file name. flag | req-header | HTTP request headers. flag | req-header-name | HTTP request header names. flag | req-raw-uri | Raw URI of HTTP request. flag | req-uri | URI of HTTP request. flag | resp-body | HTTP response body. flag | resp-hdr | HTTP response headers. flag | resp-status | HTTP response status. |
signature_disabled_signature - | Disabled signatures | |
signature_disabled_sub_class - | Disabled signature subclasses. | |
signature_main_class_action - |
| Action. choice | allow | Allow. choice | block | Block. choice | erase | Erase credit card numbers. |
signature_main_class_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
signature_main_class_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
signature_main_class_status - |
| Status. choice | disable | Disable setting. choice | enable | Enable setting. |
url_access - | EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS | |
url_access_access_pattern_negate - |
| Enable/disable match negation. choice | disable | Disable setting. choice | enable | Enable setting. |
url_access_access_pattern_pattern - | URL pattern. | |
url_access_access_pattern_regex - |
| Enable/disable regular expression based pattern match. choice | disable | Disable setting. choice | enable | Enable setting. |
url_access_access_pattern_srcaddr - | Source address. | |
url_access_action - |
| Action. choice | bypass | Allow the HTTP request, also bypass further WAF scanning. choice | permit | Allow the HTTP request, and continue further WAF scanning. choice | block | Block HTTP request. |
url_access_address - | Host address. | |
url_access_log - |
| Enable/disable logging. choice | disable | Disable setting. choice | enable | Enable setting. |
url_access_severity - |
| Severity. choice | low | Low severity. choice | medium | Medium severity. choice | high | High severity. |
Notes
Note
- Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.
Examples
- name: DELETE Profile fmgr_secprof_waf: name: "Ansible_WAF_Profile" comment: "Created by Ansible Module TEST" mode: "delete" - name: CREATE Profile fmgr_secprof_waf: name: "Ansible_WAF_Profile" comment: "Created by Ansible Module TEST" mode: "set"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
api_result string | always | full API response, includes status code and message |
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Luke Weighall (@lweighall)
- Andrew Welsh (@Ghilli3)
- Jim Huber (@p4r4n0y1ng)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/fmgr_secprof_waf_module.html