:source: fmgr_waf_profile.py :orphan: .. _fmgr_waf_profile: fmgr_waf_profile -- Web application firewall configuration. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ .. versionadded:: 1.0.0 .. warning:: Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case). - Argument name before 3.0.0: ``var-name``, ``var name``, ``var.name`` - New argument name starting in 3.0.0: ``var_name`` FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg. .. contents:: :local: :depth: 1 Synopsis -------- - This module is able to configure a FortiManager device. - Examples include all parameters and values need to be adjusted to data sources before usage. - Tested with FortiManager v7.x. Requirements ------------ The below requirements are needed on the host that executes this module. - ansible-core>=2.16.0 FortiManager Version Compatibility ---------------------------------- .. raw:: html

Supported Version Ranges: v6.0.0 -> latest

Parameters ---------- .. raw:: html Notes ----- .. note:: - Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work. - To create or update an object, use state: present directive. - To delete an object, use state: absent directive - Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded Examples -------- .. code-block:: yaml+jinja - name: Example playbook (generated based on argument schema) hosts: fortimanagers connection: httpapi gather_facts: false tasks: - name: Web application firewall configuration. fortinet.fortimanager.fmgr_waf_profile: # workspace_locking_adom: adom: state: present # waf_profile: name: "your value" # Required variable, string # comment: # extended_log: # external: # url_access: # - access_pattern: # - id: # negate: # pattern: # regex: # srcaddr: # action: # address: # id: # log: # severity: # address_list: # blocked_address: # blocked_log: # severity: # status: # trusted_address: # constraint: # content_length: # action: # length: # log: # severity: # status: # exception: # - address: # content_length: # header_length: # hostname: # id: # line_length: # malformed: # max_cookie: # max_header_line: # max_range_segment: # max_url_param: # method: # param_length: # pattern: # regex: # url_param_length: # version: # header_length: # action: # length: # log: # severity: # status: # hostname: # action: # log: # severity: # status: # line_length: # action: # length: # log: # severity: # status: # malformed: # action: # log: # severity: # status: # max_cookie: # action: # log: # max_cookie: # severity: # status: # max_header_line: # action: # log: # max_header_line: # severity: # status: # max_range_segment: # action: # log: # max_range_segment: # severity: # status: # max_url_param: # action: # log: # max_url_param: # severity: # status: # method: # action: # log: # severity: # status: # param_length: # action: # length: # log: # severity: # status: # url_param_length: # action: # length: # log: # severity: # status: # version: # action: # log: # severity: # status: # method: # default_allowed_methods: ["delete", "get", "head", "options", "post", "put", # "trace", "others", "connect"] # log: # method_policy: # - address: # allowed_methods: ["delete", "get", "head", "options", "post", "put", "trace", # "others", "connect"] # id: # pattern: # regex: # severity: # status: # signature: # credit_card_detection_threshold: # custom_signature: # - action: # case_sensitivity: # direction: # log: # name: # pattern: # severity: # status: # target: ["arg", "arg-name", "req-body", "req-cookie", "req-cookie-name", # "req-filename", "req-header", "req-header-name", "req-raw-uri", # "req-uri", "resp-body", "resp-hdr", "resp-status"] # disabled_signature: # disabled_sub_class: # main_class: # action: # id: # log: # severity: # status: Return Values ------------- Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: .. raw:: html
  • meta - The result of the request.returned: always type: dict
    • request_url - The full url requested. returned: always type: str sample: /sys/login/user
    • response_code - The status of api request. returned: always type: int sample: 0
    • response_data - The data body of the api response. returned: optional type: list or dict
    • response_message - The descriptive message of the api response. returned: always type: str sample: OK
    • system_information - The information of the target system. returned: always type: dict
  • rc - The status the request. returned: always type: int sample: 0
  • version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list
Status ------ - This module is not guaranteed to have a backwards compatible interface. Authors ------- - Xinwei Du (@dux-fortinet) - Xing Li (@lix-fortinet) - Jie Xue (@JieX19) - Link Zheng (@chillancezen) - Frank Shen (@fshen01) - Hongbin Lu (@fgtdev-hblu)