fortios_webfilter – Configure webfilter capabilities of FortiGate and FortiOS.
New in version 2.6.
Synopsis
- This module configures the webfilter feature of a FortiGate or FortiOS device. It currently handles URL and content filtering. The module uses the FortiGate REST API internally to configure the device.
Requirements
The below requirements are needed on the host that executes this module.
- fortiosapi>=0.9.8
Parameters
Suboptions are shown as parent / child.

Parameter | Choices/Defaults | Comments
---|---|---
host (required) | | FortiOS or FortiGate IP address.
password | Default: "" | FortiOS or FortiGate password.
username (required) | | FortiOS or FortiGate username.
vdom | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
webfilter_content | Default: null | Container for a group of content-filtering entries that the FortiGate must act upon.
webfilter_content / comment | Default: null | Optional comments.
webfilter_content / entries | Default: [] | Content filter entries.
webfilter_content / entries / action (required) | | Block or exempt word when a match is found.
webfilter_content / entries / lang (required) | | Language of banned word.
webfilter_content / entries / name (required) | | Banned word.
webfilter_content / entries / pattern-type (required) | | Banned word pattern type. It can be a wildcard pattern or Perl regular expression.
webfilter_content / entries / score (required) | | Score, to be applied every time the word appears on a web page.
webfilter_content / entries / status (required) | | Enable/disable banned word.
webfilter_content / id (required) | | Id of content-filter list.
webfilter_content / name | | Name of content-filter list.
webfilter_content / state (required) | | Configures the intended state of this object on the FortiGate. When this value is set to present, the object is configured on the device and when this value is set to absent the object is removed from the device.
webfilter_url | Default: null | Container for a group of URL entries that the FortiGate must act upon.
webfilter_url / comment | Default: null | Optional comments.
webfilter_url / entries | Default: [] | URL filter entries.
webfilter_url / entries / action (required) | | Action to take for URL filter matches.
webfilter_url / entries / exempt (required) | | If action is set to exempt, select the security profile operations that exempt URLs skip. Separate multiple options with a space.
webfilter_url / entries / id (required) | | Id of URL.
webfilter_url / entries / referrer-host (required) | | Referrer host name.
webfilter_url / entries / status (required) | | Enable/disable this URL filter.
webfilter_url / entries / type (required) | | Filter type (simple, regex, or wildcard).
webfilter_url / entries / url (required) | | URL to be filtered.
webfilter_url / entries / web-proxy-profile (required) | | Web proxy profile.
webfilter_url / id (required) | | Id of URL filter list.
webfilter_url / ip-addr-block | | Enable/disable blocking URLs when the hostname appears as an IP address.
webfilter_url / name (required) | | Name of URL filter list.
webfilter_url / one-arm-ips-urlfilter | | Enable/disable DNS resolver for one-arm IPS URL filter operation.
webfilter_url / state (required) | | Configures the intended state of this object on the FortiGate. When this value is set to present, the object is configured on the device and when this value is set to absent the object is removed from the device.
Notes
- Requires fortiosapi library developed by Fortinet
- Run as a local_action in your playbook
Examples
```yaml
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    password: ""   # keep the real password in Ansible Vault, not in the playbook
    vdom: "root"
  tasks:
    - name: Configure url to be filtered by fortigate
      fortios_webfilter:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        webfilter_url:
          state: "present"
          id: "1"
          name: "default"
          comment: "mycomment"
          # key names spelled as in the parameter table
          one-arm-ips-urlfilter: "disable"
          ip-addr-block: "disable"
          entries:
            - id: "1"
              url: "www.test1.com"
              type: "simple"
              action: "exempt"
              status: "enable"
              exempt: "pass"
              web-proxy-profile: ""
              referrer-host: ""
            - id: "2"
              url: "www.test2.com"
              type: "simple"
              action: "exempt"
              status: "enable"
              exempt: "pass"
              web-proxy-profile: ""
              referrer-host: ""

- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    password: ""   # keep the real password in Ansible Vault, not in the playbook
    vdom: "root"
  tasks:
    - name: Configure web content filtering in fortigate
      fortios_webfilter:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        webfilter_content:
          id: "1"
          name: "default"
          comment: ""
          entries:
            # name is the banned word; pattern-type is how it is matched
            # (wildcard or regexp)
            - name: "www.test45.com"
              pattern-type: "wildcard"
              status: "enable"
              lang: "western"
              score: 40
              action: "block"
            - name: "www.test46.com"
              pattern-type: "wildcard"
              status: "enable"
              lang: "western"
              score: 42
              action: "block"
          state: "present"
```
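A pre-flight check for a webfilter_url dictionary, written against the key names in the parameter table above. This is an added example, not part of the module or its documentation; the function names and the sample data are constructed for illustration.

```python
import difflib

# Key names as the parameter table lists them for webfilter_url.
LIST_KEYS = {"comment", "entries", "id", "ip-addr-block", "name",
             "one-arm-ips-urlfilter", "state"}
LIST_REQUIRED = {"id", "name", "state"}
ENTRY_KEYS = {"action", "exempt", "id", "referrer-host", "status",
              "type", "url", "web-proxy-profile"}  # all marked required
URL_TYPES = {"simple", "regex", "wildcard"}

def check_keys(where, given, allowed, required):
    """Report unknown keys (with the closest documented name) and missing ones."""
    problems = []
    for key in sorted(set(given) - allowed):
        near = difflib.get_close_matches(key, sorted(allowed), n=1)
        hint = f" (did you mean '{near[0]}'?)" if near else ""
        problems.append(f"{where}: unknown key '{key}'{hint}")
    for key in sorted(required - set(given)):
        problems.append(f"{where}: missing required key '{key}'")
    return problems

def lint_webfilter_url(block):
    """Return (problems, exempt_urls) for one webfilter_url dictionary."""
    problems = check_keys("webfilter_url", block, LIST_KEYS, LIST_REQUIRED)
    seen, exempt_urls = set(), []
    for n, entry in enumerate(block.get("entries", []), start=1):
        where = f"entries[{n}]"
        problems += check_keys(where, entry, ENTRY_KEYS, ENTRY_KEYS)
        if "type" in entry and entry["type"] not in URL_TYPES:
            problems.append(f"{where}: type '{entry['type']}' is not simple/regex/wildcard")
        if "id" in entry and entry["id"] in seen:
            problems.append(f"{where}: duplicate id '{entry['id']}'")
        seen.add(entry.get("id"))
        # Enabled exempt entries skip security profile operations: list for review.
        if entry.get("action") == "exempt" and entry.get("status") == "enable":
            exempt_urls.append(entry.get("url"))
    return problems, exempt_urls

# Constructed sample: one misspelled list key; BAD misspells referrer-host,
# uses an undocumented type and reuses id "1".
GOOD = {"id": "1", "url": "www.test1.com", "type": "simple", "action": "exempt",
        "status": "enable", "exempt": "pass", "web-proxy-profile": "", "referrer-host": ""}
BAD = {"id": "1", "url": "www.test2.com", "type": "glob", "action": "exempt",
       "status": "enable", "exempt": "pass", "web-proxy-profile": "", "referrrer-host": ""}
SAMPLE = {"state": "present", "id": "1", "name": "default",
          "one-arm-ips-url-filter": "disable", "entries": [GOOD, BAD]}
if __name__ == "__main__":
    found, exempt = lint_webfilter_url(SAMPLE)
    print("\n".join(found), "\nexempt entries to review:", exempt)
```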
Return Values
Common return values are documented here; the following fields are unique to this module:

Key | Returned | Description
---|---|---
build (string) | always | Build number of the fortigate image. Sample: 1547
http_method (string) | always | Last method used to provision the content into FortiGate. Sample: PUT
http_status (string) | always | Last result given by FortiGate on last operation applied. Sample: 200
mkey (string) | success | Master key (id) used in the last call to FortiGate. Sample: key1
name (string) | always | Name of the table used to fulfill the request. Sample: urlfilter
path (string) | always | Path of the table used to fulfill the request. Sample: webfilter
revision (string) | always | Internal revision number. Sample: 17.0.2.10658
serial (string) | always | Serial number of the unit. Sample: FGVMEVYYQT3AB5352
status (string) | always | Indication of the operation's result. Sample: success
vdom (string) | always | Virtual domain used. Sample: root
version (string) | always | Version of the FortiGate. Sample: v5.6.3
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)