community.fortios.fmgr_secprof_waf – FortiManager web application firewall security profile¶

Note

This plugin is part of the community.fortios collection (version 1.0.0).

To install it use: ansible-galaxy collection install community.fortios.

To use it in a playbook, specify: community.fortios.fmgr_secprof_waf.

Synopsis
Parameters
Notes
Examples
Return Values

Synopsis ¶

Manage web application firewall security profiles for FGTs via FMG

Parameters ¶

Parameter	Choices/Defaults	Comments
address_list string		EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
address_list_blocked_address string		Blocked address.
address_list_blocked_log string	Choices: disable enable	Enable/disable logging on blocked addresses. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
address_list_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.
address_list_status string	Choices: disable enable	Status. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
address_list_trusted_address string		Trusted address.
adom string	Default: "root"	The ADOM the configuration should belong to.
comment string		Comment.
constraint string		EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
constraint_content_length_action string	Choices: allow block	Action. choice \| allow \| Allow. choice \| block \| Block.
constraint_content_length_length string		Length of HTTP content in bytes (0 to 2147483647).
constraint_content_length_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_content_length_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.
constraint_content_length_status string	Choices: disable enable	Enable/disable the constraint. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_exception_address string		Host address.
constraint_exception_content_length string	Choices: disable enable	HTTP content length in request. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_exception_header_length string	Choices: disable enable	HTTP header length in request. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_exception_hostname string	Choices: disable enable	Enable/disable hostname check. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_exception_line_length string	Choices: disable enable	HTTP line length in request. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_exception_malformed string	Choices: disable enable	Enable/disable malformed HTTP request check. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_exception_max_cookie string	Choices: disable enable	Maximum number of cookies in HTTP request. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_exception_max_header_line string	Choices: disable enable	Maximum number of HTTP header line. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_exception_max_range_segment string	Choices: disable enable	Maximum number of range segments in HTTP range line. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_exception_max_url_param string	Choices: disable enable	Maximum number of parameters in URL. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_exception_method string	Choices: disable enable	Enable/disable HTTP method check. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_exception_param_length string	Choices: disable enable	Maximum length of parameter in URL, HTTP POST request or HTTP body. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_exception_pattern string		URL pattern.
constraint_exception_regex string	Choices: disable enable	Enable/disable regular expression based pattern match. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_exception_url_param_length string	Choices: disable enable	Maximum length of parameter in URL. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_exception_version string	Choices: disable enable	Enable/disable HTTP version check. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_header_length_action string	Choices: allow block	Action. choice \| allow \| Allow. choice \| block \| Block.
constraint_header_length_length string		Length of HTTP header in bytes (0 to 2147483647).
constraint_header_length_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_header_length_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.
constraint_header_length_status string	Choices: disable enable	Enable/disable the constraint. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_hostname_action string	Choices: allow block	Action for a hostname constraint. choice \| allow \| Allow. choice \| block \| Block.
constraint_hostname_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_hostname_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.
constraint_hostname_status string	Choices: disable enable	Enable/disable the constraint. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_line_length_action string	Choices: allow block	Action. choice \| allow \| Allow. choice \| block \| Block.
constraint_line_length_length string		Length of HTTP line in bytes (0 to 2147483647).
constraint_line_length_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_line_length_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.
constraint_line_length_status string	Choices: disable enable	Enable/disable the constraint. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_malformed_action string	Choices: allow block	Action. choice \| allow \| Allow. choice \| block \| Block.
constraint_malformed_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_malformed_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.
constraint_malformed_status string	Choices: disable enable	Enable/disable the constraint. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_max_cookie_action string	Choices: allow block	Action. choice \| allow \| Allow. choice \| block \| Block.
constraint_max_cookie_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_max_cookie_max_cookie string		Maximum number of cookies in HTTP request (0 to 2147483647).
constraint_max_cookie_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.
constraint_max_cookie_status string	Choices: disable enable	Enable/disable the constraint. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_max_header_line_action string	Choices: allow block	Action. choice \| allow \| Allow. choice \| block \| Block.
constraint_max_header_line_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_max_header_line_max_header_line string		Maximum number HTTP header lines (0 to 2147483647).
constraint_max_header_line_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.
constraint_max_header_line_status string	Choices: disable enable	Enable/disable the constraint. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_max_range_segment_action string	Choices: allow block	Action. choice \| allow \| Allow. choice \| block \| Block.
constraint_max_range_segment_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_max_range_segment_max_range_segment string		Maximum number of range segments in HTTP range line (0 to 2147483647).
constraint_max_range_segment_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.
constraint_max_range_segment_status string	Choices: disable enable	Enable/disable the constraint. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_max_url_param_action string	Choices: allow block	Action. choice \| allow \| Allow. choice \| block \| Block.
constraint_max_url_param_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_max_url_param_max_url_param string		Maximum number of parameters in URL (0 to 2147483647).
constraint_max_url_param_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.
constraint_max_url_param_status string	Choices: disable enable	Enable/disable the constraint. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_method_action string	Choices: allow block	Action. choice \| allow \| Allow. choice \| block \| Block.
constraint_method_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_method_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.
constraint_method_status string	Choices: disable enable	Enable/disable the constraint. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_param_length_action string	Choices: allow block	Action. choice \| allow \| Allow. choice \| block \| Block.
constraint_param_length_length string		Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647).
constraint_param_length_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_param_length_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.
constraint_param_length_status string	Choices: disable enable	Enable/disable the constraint. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_url_param_length_action string	Choices: allow block	Action. choice \| allow \| Allow. choice \| block \| Block.
constraint_url_param_length_length string		Maximum length of URL parameter in bytes (0 to 2147483647).
constraint_url_param_length_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_url_param_length_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.
constraint_url_param_length_status string	Choices: disable enable	Enable/disable the constraint. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_version_action string	Choices: allow block	Action. choice \| allow \| Allow. choice \| block \| Block.
constraint_version_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
constraint_version_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.
constraint_version_status string	Choices: disable enable	Enable/disable the constraint. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
extended_log string	Choices: disable enable	Enable/disable extended logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
external string	Choices: disable enable	Disable/Enable external HTTP Inspection. choice \| disable \| Disable external inspection. choice \| enable \| Enable external inspection.
method string		EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
method_default_allowed_methods string	Choices: delete get head options post put trace others connect	Methods. FLAG Based Options. Specify multiple in list form. flag \| delete \| HTTP DELETE method. flag \| get \| HTTP GET method. flag \| head \| HTTP HEAD method. flag \| options \| HTTP OPTIONS method. flag \| post \| HTTP POST method. flag \| put \| HTTP PUT method. flag \| trace \| HTTP TRACE method. flag \| others \| Other HTTP methods. flag \| connect \| HTTP CONNECT method.
method_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
method_method_policy_address string		Host address.
method_method_policy_allowed_methods string	Choices: delete get head options post put trace others connect	Allowed Methods. FLAG Based Options. Specify multiple in list form. flag \| delete \| HTTP DELETE method. flag \| get \| HTTP GET method. flag \| head \| HTTP HEAD method. flag \| options \| HTTP OPTIONS method. flag \| post \| HTTP POST method. flag \| put \| HTTP PUT method. flag \| trace \| HTTP TRACE method. flag \| others \| Other HTTP methods. flag \| connect \| HTTP CONNECT method.
method_method_policy_pattern string		URL pattern.
method_method_policy_regex string	Choices: disable enable	Enable/disable regular expression based pattern match. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
method_severity string	Choices: low medium high	Severity. choice \| low \| low severity choice \| medium \| medium severity choice \| high \| High severity
method_status string	Choices: disable enable	Status. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
mode string	Choices: add ← set delete update	Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values
name string		WAF Profile name.
signature string		EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
signature_credit_card_detection_threshold string		The minimum number of Credit cards to detect violation.
signature_custom_signature_action string	Choices: allow block erase	Action. choice \| allow \| Allow. choice \| block \| Block. choice \| erase \| Erase credit card numbers.
signature_custom_signature_case_sensitivity string	Choices: disable enable	Case sensitivity in pattern. choice \| disable \| Case insensitive in pattern. choice \| enable \| Case sensitive in pattern.
signature_custom_signature_direction string	Choices: request response	Traffic direction. choice \| request \| Match HTTP request. choice \| response \| Match HTTP response.
signature_custom_signature_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
signature_custom_signature_name string		Signature name.
signature_custom_signature_pattern string		Match pattern.
signature_custom_signature_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.
signature_custom_signature_status string	Choices: disable enable	Status. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
signature_custom_signature_target string	Choices: arg arg-name req-body req-cookie req-cookie-name req-filename req-header req-header-name req-raw-uri req-uri resp-body resp-hdr resp-status	Match HTTP target. FLAG Based Options. Specify multiple in list form. flag \| arg \| HTTP arguments. flag \| arg-name \| Names of HTTP arguments. flag \| req-body \| HTTP request body. flag \| req-cookie \| HTTP request cookies. flag \| req-cookie-name \| HTTP request cookie names. flag \| req-filename \| HTTP request file name. flag \| req-header \| HTTP request headers. flag \| req-header-name \| HTTP request header names. flag \| req-raw-uri \| Raw URI of HTTP request. flag \| req-uri \| URI of HTTP request. flag \| resp-body \| HTTP response body. flag \| resp-hdr \| HTTP response headers. flag \| resp-status \| HTTP response status.
signature_disabled_signature string		Disabled signatures
signature_disabled_sub_class string		Disabled signature subclasses.
signature_main_class_action string	Choices: allow block erase	Action. choice \| allow \| Allow. choice \| block \| Block. choice \| erase \| Erase credit card numbers.
signature_main_class_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
signature_main_class_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.
signature_main_class_status string	Choices: disable enable	Status. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
url_access string		EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
url_access_access_pattern_negate string	Choices: disable enable	Enable/disable match negation. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
url_access_access_pattern_pattern string		URL pattern.
url_access_access_pattern_regex string	Choices: disable enable	Enable/disable regular expression based pattern match. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
url_access_access_pattern_srcaddr string		Source address.
url_access_action string	Choices: bypass permit block	Action. choice \| bypass \| Allow the HTTP request, also bypass further WAF scanning. choice \| permit \| Allow the HTTP request, and continue further WAF scanning. choice \| block \| Block HTTP request.
url_access_address string		Host address.
url_access_log string	Choices: disable enable	Enable/disable logging. choice \| disable \| Disable setting. choice \| enable \| Enable setting.
url_access_severity string	Choices: low medium high	Severity. choice \| low \| Low severity. choice \| medium \| Medium severity. choice \| high \| High severity.

Notes ¶

Note

Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.

Examples ¶

- name: DELETE Profile
  community.fortios.fmgr_secprof_waf:
    name: "Ansible_WAF_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "delete"

- name: CREATE Profile
  community.fortios.fmgr_secprof_waf:
    name: "Ansible_WAF_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "set"

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
api_result string	always	full API response, includes status code and message

Authors¶

Luke Weighall (@lweighall)
Andrew Welsh (@Ghilli3)
Jim Huber (@p4r4n0y1ng)

community.fortios.fmgr_secprof_waf – FortiManager web application firewall security profile¶

Synopsis¶

Parameters¶

Notes¶

Examples¶

Return Values¶