f5networks.f5_modules.bigip_asm_dos_application module – Manage application settings for a DOS profile
Note
This module is part of the f5networks.f5_modules collection (version 1.17.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install f5networks.f5_modules
.
To use it in a playbook, specify: f5networks.f5_modules.bigip_asm_dos_application
.
New in version 1.0.0: of f5networks.f5_modules
Parameters
Parameter |
Comments |
---|---|
Manages the geolocations countries whitelist, blacklist. |
|
A list of countries to be put on the blacklist, must not have overlapping elements with |
|
A list of countries to be put on the whitelist, must not have overlapping elements with |
|
Manages Heavy URL protection. Heavy URLs are a small number of site URLs that might consume considerable server resources per request. |
|
Enables or disables automatic heavy URL detection. Choices:
|
|
Specifies a list of URLs or wildcards to exclude from the heavy URLs. |
|
Configures additional URLs to include in the heavy URLs that were auto-detected. |
|
Specifies the threshold of requests per second, where the URL in question is considered under attack. The acceptable range is between 1 and 4294967295 inclusive, or |
|
Specifies the URL to be added to the list of heavy URLs, in addition to those automatically detected. |
|
Specifies the latency threshold for automatic heavy URL detection. The acceptable range is between 0 and 4294967295 miliseconds inclusive. |
|
Configures detection of mobile applications built with the Anti-Bot Mobile SDK and defines how requests from these mobile application clients are handled. |
|
When Choices:
|
|
When A publisher is identified by the certificate used to sign the application. Choices:
|
|
When A package name is the unique identifier of the mobile application. Choices:
|
|
When Choices:
|
|
When Choices:
|
|
This option has no effect when Specifies the allowed publisher certificates for android applications. The publisher certificate needs to be installed on the BIG-IP beforehand. The certificate name located on a different partition than the one specified in the |
|
Action to take when a CAPTCHA or Client Side Integrity challenge needs to be presented. The mobile application user will not see a CAPTCHA challenge and the mobile application will not be presented with the Client Side Integrity challenge. The such options for mobile applications are When When Choices:
|
|
When When Choices:
|
|
Specifies the names of iOS packages to allow traffic on. This option has no effect when |
|
Device partition to manage resources on. Default: “Common” |
|
Specifies the name of the profile to manage application settings in. |
|
A dict object containing connection details. |
|
Configures the auth provider for to obtain authentication tokens from the remote device. This option is really used when working with BIG-IQ devices. |
|
If You may omit this option by setting the environment variable Previously used variable Choices:
|
|
The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable |
|
The BIG-IP host. You may omit this option by setting the environment variable |
|
The BIG-IP server port. You may omit this option by setting the environment variable Default: 443 |
|
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error. |
|
Configures the transport connection to use when connecting to the remote device. Choices:
|
|
The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable |
|
If You may omit this option by setting the environment variable Choices:
|
|
Specifies the duration of the RTBH BGP route advertisement, in seconds. The acceptable range is between 0 and 4294967295 inclusive. |
|
Specifies whether to enable Remote Triggered Black Hole Choices:
|
|
Specifies the duration of the Traffic Scrubbing BGP route advertisement, in seconds. The acceptable range is between 0 and 4294967295 inclusive. |
|
Specifies whether to enable Traffic Scrubbing during attacks by advertising BGP routes. Choices:
|
|
Specifies, when Choices:
|
|
When When Choices:
|
|
Specifies, when Choices:
|
Notes
Note
Requires BIG-IP >= 13.1.0
For more information on using Ansible to manage F5 Networks devices see https://www.ansible.com/integrations/networks/f5.
Requires BIG-IP software version >= 12.
The F5 modules only manipulate the running configuration of the F5 product. To ensure that BIG-IP specific configuration persists to disk, be sure to include at least one task that uses the f5networks.f5_modules.bigip_config module to save the running configuration. Refer to the module’s documentation for the correct usage of the module to save your running configuration.
Examples
- name: Create an ASM dos application profile
bigip_asm_dos_application:
profile: dos_foo
geolocations:
blacklist:
- Afghanistan
- Andora
whitelist:
- Cuba
heavy_urls:
auto_detect: yes
latency_threshold: 1000
rtbh_duration: 3600
rtbh_enable: yes
single_page_application: yes
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Update an ASM dos application profile
bigip_asm_dos_application:
profile: dos_foo
mobile_detection:
enabled: yes
allow_any_ios_package: yes
allow_emulators: yes
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Remove an ASM dos application profile
bigip_asm_dos_application:
profile: dos_foo
state: absent
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Specifies geolocations countries whitelist, blacklist. Returned: changed Sample: “hash/dictionary of values” |
|
A list of countries to be put on the blacklist. Returned: changed Sample: [“Russia”, “Germany”] |
|
A list of countries to be put on the whitelist. Returned: changed Sample: [“United States, United Kingdom”] |
|
Manages Heavy URL protection. Returned: changed Sample: “hash/dictionary of values” |
|
Enables or disables automatic heavy URL detection. Returned: changed Sample: true |
|
Specifies a list of URLs or wildcards to exclude from the heavy URLs. Returned: changed Sample: [“/exclude.html”, “/exclude2.html”] |
|
Configures additional URLs to include in the heavy URLs. Returned: changed Sample: “hash/dictionary of values” |
|
The threshold of requests per second. Returned: changed Sample: “auto” |
|
The URL to be added to the list of heavy URLs. Returned: changed Sample: “/include.html” |
|
Specifies the latency threshold for automatic heavy URL detection. Returned: changed Sample: 2000 |
|
Configures detection of mobile applications built with the Anti-Bot Mobile SDK. Returned: changed Sample: “hash/dictionary of values” |
|
Allows traffic from rooted Android devices. Returned: changed Sample: false |
|
Allows any application publisher. Returned: changed Sample: false |
|
Allows any iOS package. Returned: changed Sample: true |
|
Allows traffic from applications run on emulators. Returned: changed Sample: true |
|
Allows traffic from jailbroken iOS devices. Returned: changed Sample: false |
|
The allowed publisher certificates for android applications. Returned: changed Sample: [“/Common/cert1.crt”, “/Common/cert2.crt”] |
|
Action to take when a CAPTCHA or Client Side Integrity challenge needs to be presented. Returned: changed Sample: “pass” |
|
Enables or disables automatic mobile detection. Returned: changed Sample: true |
|
The names of iOS packages to allow traffic on. Returned: changed Sample: [“package1”, “package2”] |
|
The duration of the RTBH BGP route advertisement. Returned: changed Sample: 3600 |
|
Enables Remote Triggered Black Hole of attacking IPs. Returned: changed Sample: false |
|
The duration of the Traffic Scrubbing BGP route advertisement. Returned: changed Sample: 3600 |
|
Enables Traffic Scrubbing during attacks. Returned: changed Sample: true |
|
Enables support of Single Page Applications. Returned: changed Sample: false |
|
Activates an Application DoS iRule event. Returned: changed Sample: true |
Authors
Wojciech Wypior (@wojtek0806)