bigip_asm_policy_signature_set – Manages Signature Sets on ASM policy¶
New in version 2.8.
Synopsis¶
Manages Signature Sets on ASM policy.
Parameters¶
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
|
alarm
boolean
|
|
Specifies if the security policy logs the request data in the Statistics screen, when a request matches a signature that is included in the signature set.
|
|
|
block
boolean
|
|
Effective when the security policy`s enforcement mode is Blocking.
Determines how the system treats requests that match a signature included in the signature set.
When
yes the system blocks all requests that match a signature, and provides the client with a support ID number.When
no the system accepts those requests. |
|
|
learn
boolean
|
|
Specifies if the security policy learns all requests that match a signature that is included in the signature set.
|
|
|
name
string
/ required
|
Specifies the name of the signature sets to apply on or remove from the ASM policy.
Apart from built-in signature sets that ship with the device, users can use user created signature sets.
When
All Response Signatures, configures all signatures in the attack signature pool that can review responses.When
All Signatures, configures all attack signatures in the attack signature pool.When
Apache Struts Signatures, configures signatures that target attacks against the Apache Struts web servers. Only available in version 13.x and up.When
Apache Tomcat Signatures, configures signatures that target attacks against the Apache Tomcat web servers. Only available in version 13.x and up.When
Cisco Signatures, configures signatures that target attacks against Cisco systems. Only available in version 13.x and up.When
Command Execution Signatures, configures signatures involving attacks perpetrated by executing commands.When
Cross Site Scripting Signatures, configures signatures that target attacks caused by cross-site scripting techniques.When
Directory Indexing Signatures, configures signatures targeting attacks that browse directory listings.When
Generic Detection Signatures, configures signatures targeting well-known or common web and application attacks.When
HTTP Response Splitting Signatures, configures signatures targeting attacks that take advantage of responses for which input values have not been sanitized.When
High Accuracy Detection Evasion Signatures, configures signatures with a high level of accuracy that produce few false positives when identifying evasion attacks. Only available in version 13.x and up.When
High Accuracy Signatures, configures signatures with a high level of accuracy that produce few false positives when identifying evasion attacks.When
IIS and Windows Signatures, configures signatures that target attacks against IIS and Windows based systems. Only available in version 13.x and up.When
Information Leakage Signatures, configures signatures targeting attacks that are looking for system data or debugging information that shows where the system is vulnerable to attack.When
Java Servlets/JSP Signatures, configures signatures that target attacks against Java Servlets and Java Server Pages (JSP) based applications. Only available in version 13.x and up.When
Low Accuracy Signatures, configures signatures that may result in more false positives when identifying attacks.When
Medium Accuracy Signatures, configures signatures with a medium level of accuracy when identifying attacks.When
OS Command Injection Signatures, configures signatures targeting attacks that attempt to run system level commands through a vulnerable application.When
OWA Signatures, configures signatures that target attacks against the Microsoft Outlook Web Access (OWA) application.When
Other Application Attacks Signatures, configures signatures targeting miscellaneous attacks, including session fixation, local file access, injection attempts, header tampering and so on, affecting many applications.When
Path Traversal Signatures, configures signatures targeting attacks that attempt to access files and directories that are stored outside the web root folder.When
Predictable Resource Location Signatures, configures signatures targeting attacks that attempt to uncover hidden website content and functionality by forceful browsing, or by directory and file enumeration.When
Remote File Include Signatures, configures signatures targeting attacks that attempt to exploit a remote file include vulnerability that could enable a remote attacker to execute arbitrary commands on the server hosting the application.When
SQL Injection Signatures, configures signatures targeting attacks that attempt to insert (inject) a SQL query using the input data from a client to an application.When
Server Side Code Injection Signatures, configures signatures targeting code injection attacks on the server side.When
WebSphere signatures, configures signatures targeting attacks on many computing platforms that are integrated using WebSphere including general database, Microsoft Windows, IIS, Microsoft SQL Server, Apache, Oracle, Unix/Linux, IBM DB2, PostgreSQL, and XML.When
XPath Injection Signatures, configures signatures targeting attacks that attempt to gain access to data structures or bypass permissions when a web site uses user-supplied information to construct XPath queries for XML data. |
||
|
partition
string
|
Default: "Common"
|
This parameter is only used when identifying ASM policy.
|
|
|
password
string
/ required
|
The password for the user account used to connect to the BIG-IP.
You may omit this option by setting the environment variable
F5_PASSWORD.aliases: pass, pwd |
||
|
policy_name
string
/ required
|
Specifies the name of an existing ASM policy to add or remove signature sets.
|
||
|
provider
dictionary
added in 2.5 |
A dict object containing connection details.
|
||
|
password
string
/ required
|
The password for the user account used to connect to the BIG-IP.
You may omit this option by setting the environment variable
F5_PASSWORD.aliases: pass, pwd |
||
|
server
string
/ required
|
The BIG-IP host.
You may omit this option by setting the environment variable
F5_SERVER. |
||
|
server_port
integer
|
Default: 443
|
The BIG-IP server port.
You may omit this option by setting the environment variable
F5_SERVER_PORT. |
|
|
ssh_keyfile
path
|
Specifies the SSH keyfile to use to authenticate the connection to the remote device. This argument is only used for cli transports.
You may omit this option by setting the environment variable
ANSIBLE_NET_SSH_KEYFILE. |
||
|
timeout
integer
|
Default: 10
|
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
|
|
|
transport
string
|
|
Configures the transport connection to use when connecting to the remote device.
|
|
|
user
string
/ required
|
The username to connect to the BIG-IP with. This user must have administrative privileges on the device.
You may omit this option by setting the environment variable
F5_USER. |
||
|
validate_certs
boolean
|
|
If
no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates.You may omit this option by setting the environment variable
F5_VALIDATE_CERTS. |
|
|
server
string
/ required
|
The BIG-IP host.
You may omit this option by setting the environment variable
F5_SERVER. |
||
|
server_port
integer
added in 2.2 |
Default: 443
|
The BIG-IP server port.
You may omit this option by setting the environment variable
F5_SERVER_PORT. |
|
|
state
string
|
|
When
present, ensures that the resource exists.When
absent, ensures the resource is removed. |
|
|
user
string
/ required
|
The username to connect to the BIG-IP with. This user must have administrative privileges on the device.
You may omit this option by setting the environment variable
F5_USER. |
||
|
validate_certs
boolean
added in 2.0 |
|
If
no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates.You may omit this option by setting the environment variable
F5_VALIDATE_CERTS. |
|
Notes¶
Note
This module is primarily used as a component of configuring ASM policy in Ansible Galaxy ASM Policy Role.
For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
Requires BIG-IP software version >= 12.
The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the bigip_config module to save the running configuration. Refer to the module’s documentation for the correct usage of the module to save your running configuration.
Examples¶
- name: Add Signature Set to ASM Policy
bigip_asm_policy_signature_set:
name: IIS and Windows Signatures
policy_name: FooPolicy
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Remove Signature Set to ASM Policy
bigip_asm_policy_signature_set:
name: IIS and Windows Signatures
policy_name: FooPolicy
state: absent
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
alarm
boolean
|
changed |
Specifies whether the security policy logs the request data in the Statistics screen
Sample:
True
|
|
block
boolean
|
changed |
Determines how the system treats requests that match a signature included in the signature set
|
|
learn
boolean
|
changed |
Specifies if the policy learns all requests that match a signature that is included in the signature set
Sample:
True
|
|
name
string
|
changed |
The name of Signature Set added/removed on ASM policy
Sample:
Cisco Signatures
|
|
policy_name
string
|
changed |
The name of the ASM policy
Sample:
FooPolicy
|
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by an Ansible Partner. [certified]