fwebos_waf_syntax.py – Config FortiWeb Web Protection SQL/XSS Syntax Based Detetction¶

New in version 1.0.1.

Synopsis
Requirements
FortiWeb Version Compatibility
Parameters
Examples
Return Values
Status
Authors

Synopsis ¶

Config FortiWeb Web Protection SQL/XSS Syntax Based Detetction

Requirements ¶

The below requirements are needed on the host that executes this module.

ansible>=2.11

FortiWeb Version Compatibility ¶

	`v7.0.0`	`v7.0.1`	`v7.0.2`	`v7.0.3`
fwebos_waf_syntax.py	yes	yes	yes	yes

Parameters ¶

body Possible parameters to go in the body for the request required: True

name name type:string maxLength:63
detection-target-sql detection targets during SQL injection detection type:string choice: ARGS_NAMES, ARGS_VALUE, REQUEST_COOKIES, REQUEST_USER_AGENT, REQUEST_REFERER, OTHER_REQUEST_HEADERS,
detection-target-xss detection targets during XSS injection detection type:string choice: ARGS_NAMES, ARGS_VALUE, REQUEST_COOKIES, REQUEST_USER_AGENT, REQUEST_REFERER, OTHER_REQUEST_HEADERS,
sql-detection-template SQL injection detection template type:string choice: SINGLE_QUOTE, DOUBLE_QUOTE, AS_IS,
xss-html-tag-based-status status type:string choice: enable, disable,
xss-html-tag-based-action action type:string choice: alert, redirect, deny_no_log, alert_deny, block-period, send_http_response, client-id-block-period,
xss-html-tag-based-block-period block period(1-3600) type:integer maximum:3600 minimum:1
xss-html-tag-based-severity severity:High, Medium, Low or Informative type:string choice: High, Medium, Low, Info,
xss-html-tag-based-threat-weight threat weight type:string choice: informational, low, moderate, substantial, severe, critical,
xss-html-tag-based-trigger choose Email or syslog policy type:string
xss-html-tag-based-check-level check level type:string choice: strict, moderate,
xss-html-attribute-based-status status type:string choice: enable, disable,
xss-html-attribute-based-action action type:string choice: alert, redirect, deny_no_log, alert_deny, block-period, send_http_response, client-id-block-period,
xss-html-attribute-based-block-period block period(1-3600) type:integer maximum:3600 minimum:1
xss-html-attribute-based-severity severity:High, Medium, Low or Informative type:string choice: High, Medium, Low, Info,
xss-html-attribute-based-threat-weight threat weight type:string choice: informational, low, moderate, substantial, severe, critical,
xss-html-attribute-based-trigger choose Email or syslog policy type:string
xss-html-css-based-status status type:string choice: enable, disable,
xss-html-css-based-action action type:string choice: alert, redirect, deny_no_log, alert_deny, block-period, send_http_response, client-id-block-period,
xss-html-css-based-block-period block period(1-3600) type:integer maximum:3600 minimum:1
xss-html-css-based-severity severity:High, Medium, Low or Informative type:string choice: High, Medium, Low, Info,
xss-html-css-based-threat-weight threat weight type:string choice: informational, low, moderate, substantial, severe, critical,
xss-html-css-based-trigger choose Email or syslog policy type:string
xss-javascript-function-based-status status type:string choice: enable, disable,
xss-javascript-function-based-action action type:string choice: alert, redirect, deny_no_log, alert_deny, block-period, send_http_response, client-id-block-period,
xss-javascript-function-based-block-period block period(1-3600) type:integer maximum:3600 minimum:1
xss-javascript-function-based-severity severity:High, Medium, Low or Informative type:string choice: High, Medium, Low, Info,
xss-javascript-function-based-threat-weight threat weight type:string choice: informational, low, moderate, substantial, severe, critical,
xss-javascript-function-based-trigger choose Email or syslog policy type:string
xss-javascript-variable-based-status status type:string choice: enable, disable,
xss-javascript-variable-based-action action type:string choice: alert, redirect, deny_no_log, alert_deny, block-period, send_http_response, client-id-block-period,
xss-javascript-variable-based-block-period block period(1-3600) type:integer maximum:3600 minimum:1
xss-javascript-variable-based-severity severity:High, Medium, Low or Informative type:string choice: High, Medium, Low, Info,
xss-javascript-variable-based-threat-weight threat weight type:string choice: informational, low, moderate, substantial, severe, critical,
xss-javascript-variable-based-trigger choose Email or syslog policy type:string
sql-stacked-queries-status status type:string choice: enable, disable,
sql-stacked-queries-action action type:string choice: alert, redirect, deny_no_log, alert_deny, block-period, send_http_response, client-id-block-period,
sql-stacked-queries-block-period block period(1-3600) type:integer maximum:3600 minimum:1
sql-stacked-queries-severity severity:High, Medium, Low or Informative type:string choice: High, Medium, Low, Info,
sql-stacked-queries-threat-weight threat weight type:string choice: informational, low, moderate, substantial, severe, critical,
sql-stacked-queries-trigger choose Email or syslog policy type:string
sql-embeded-queries-status status type:string choice: enable, disable,
sql-embeded-queries-action action type:string choice: alert, redirect, deny_no_log, alert_deny, block-period, send_http_response, client-id-block-period,
sql-embeded-queries-block-period block period(1-3600) type:integer maximum:3600 minimum:1
sql-embeded-queries-severity severity:High, Medium, Low or Informative type:string choice: High, Medium, Low, Info,
sql-embeded-queries-threat-weight threat weight type:string choice: informational, low, moderate, substantial, severe, critical,
sql-embeded-queries-trigger choose Email or syslog policy type:string
sql-condition-based-status status type:string choice: enable, disable,
sql-condition-based-action action type:string choice: alert, redirect, deny_no_log, alert_deny, block-period, send_http_response, client-id-block-period,
sql-condition-based-block-period block period(1-3600) type:integer maximum:3600 minimum:1
sql-condition-based-severity severity:High, Medium, Low or Informative type:string choice: High, Medium, Low, Info,
sql-condition-based-threat-weight threat weight type:string choice: informational, low, moderate, substantial, severe, critical,
sql-condition-based-trigger choose Email or syslog policy type:string
sql-arithmetic-operation-status status type:string choice: enable, disable,
sql-arithmetic-operation-action action type:string choice: alert, redirect, deny_no_log, alert_deny, block-period, send_http_response, client-id-block-period,
sql-arithmetic-operation-block-period block period(1-3600) type:integer maximum:3600 minimum:1
sql-arithmetic-operation-severity severity:High, Medium, Low or Informative type:string choice: High, Medium, Low, Info,
sql-arithmetic-operation-threat-weight threat weight type:string choice: informational, low, moderate, substantial, severe, critical,
sql-arithmetic-operation-trigger choose Email or syslog policy type:string
sql-line-comments-status status type:string choice: enable, disable,
sql-line-comments-action action type:string choice: alert, redirect, deny_no_log, alert_deny, block-period, send_http_response, client-id-block-period,
sql-line-comments-block-period block period(1-3600) type:integer maximum:3600 minimum:1
sql-line-comments-severity severity:High, Medium, Low or Informative type:string choice: High, Medium, Low, Info,
sql-line-comments-threat-weight threat weight type:string choice: informational, low, moderate, substantial, severe, critical,
sql-line-comments-trigger choose Email or syslog policy type:string
sql-function-based-status status type:string choice: enable, disable,
sql-function-based-action action type:string choice: alert, redirect, deny_no_log, alert_deny, block-period, send_http_response, client-id-block-period,
sql-function-based-block-period block period(1-3600) type:integer maximum:3600 minimum:1
sql-function-based-severity severity:High, Medium, Low or Informative type:string choice: High, Medium, Low, Info,
sql-function-based-threat-weight threat weight type:string choice: informational, low, moderate, substantial, severe, critical,
sql-function-based-trigger choose Email or syslog policy type:string
exception-element-list list of exception elements
type:array
- id id
- match-target match targets
- operator operator
- ip IP range
- value-name value name
- value-check disable/enable
- value value
- concatenate-type concatenate relationship with the previous filter rule
- attack-type attack type
mkey If present, objects will be filtered on property with this name type:string
vdom Specify the Virtual Domain(s) from which results are returned or changes are applied to. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: vdom=root (Single VDOM) vdom=vdom1,vdom2 (Multiple VDOMs) vdom=* (All VDOMs) type:array
clone_mkey Use *clone_mkey* to specify the ID for the new resource to be cloned. If *clone_mkey* is set, *mkey* must be provided which is cloned from. type:string

Examples ¶

- name:
hosts: all
vars:
connection: httpapi
gather_facts: false
tasks:
  - name: delete certificate hpkp
    fwebos_waf_syntax:
     action: delete
     name: 123

  - name: Create certificate hpkp
    fwebos_waf_syntax:
     action: add
     sql_arithmetic_operation_block_period: 600
     sql_stacked_queries_threat_weight: severe
     sql_embeded_queries_block_period: 600
     sql_arithmetic_operation_status: enable
     sql_condition_based_severity: High
     xss_html_attribute_based_block_period: 600
     xss_html_tag_based_trigger: ""
     sql_condition_based_threat_weight_value: 4
     sql_function_based_severity: High
     xss_javascript_function_based_block_period: 600
     xss_html_attribute_based_threat_weight_value: 4
     xss_html_attribute_based_threat_weight: severe
     sql_embeded_queries_trigger: ""
     sql_line_comments_status: enable
     xss_javascript_variable_based_trigger:
     sql_line_comments_threat_weight_value: 4
     xss_html_tag_based_block_period: 600
     sql_arithmetic_operation_severity: High
     sql_embeded_queries_status: enable
     sql_condition_based_threat_weight: severe
     xss_html_attribute_based_severity: High
     sql_condition_based_status: enable
     sql_stacked_queries_trigger: ""
     xss_html_css_based_status: enable
     xss_javascript_variable_based_block_period: 600
     xss_html_attribute_based_action: alert_deny
     detection_target_sql: ARGS_NAMES ARGS_VALUE REQUEST_COOKIES
     sql_stacked_queries_threat_weight_value: 4
     sql_embeded_queries_threat_weight: severe
     sql_stacked_queries_status: enable
     sql_function_based_threat_weight: severe
     xss_javascript_variable_based_threat_weight: severe
     sz_exception_element_list: 0
     xss_html_tag_based_threat_weight: severe
     sql_stacked_queries_action: alert_deny
     xss_javascript_variable_based_threat_weight_value: 4
     sql_arithmetic_operation_action: alert_deny
     sql_condition_based_block_period: 600
     sql_function_based_status: enable
     sql_embeded_queries_severity: High
     sql_embeded_queries_action: alert_deny
     sql_arithmetic_operation_trigger:
     xss_html_tag_based_action: alert_deny
     xss_html_tag_based_status: enable
     sql_stacked_queries_severity: High
     sql_arithmetic_operation_threat_weight_value: 4
     sql_function_based_threat_weight_value: 4
     xss_html_css_based_trigger: ""
     xss_html_tag_based_severity: High
     xss_javascript_function_based_severity: High
     sql_function_based_trigger: ""
     sql_line_comments_trigger: ""
     xss_html_css_based_block_period: 600
     xss_javascript_variable_based_action: alert_deny
     xss_javascript_function_based_threat_weight_value: 4
     xss_javascript_function_based_status: enable
     detection_target_xss: ARGS_NAMES ARGS_VALUE REQUEST_COOKIES
     xss_javascript_function_based_threat_weight: severe
     sql_embeded_queries_threat_weight_value: 4
     xss_javascript_variable_based_status: enable
     xss_javascript_function_based_trigger:
     xss_html_css_based_threat_weight: severe
     sql_condition_based_action: alert_deny
     xss_javascript_variable_based_severity: High
     sql_stacked_queries_block_period: 600
     sql_line_comments_action: alert_deny
     xss_html_tag_based_check_level: strict
     name: test4
     xss_html_tag_based_threat_weight_value: 4
     sql_arithmetic_operation_threat_weight: severe
     xss_html_css_based_severity: High
     sql_function_based_block_period: 600
     xss_html_css_based_action: alert_deny
     sql_line_comments_threat_weight: severe
     sql_function_based_action: alert_deny
     xss_javascript_function_based_action: alert_deny
     sql_line_comments_block_period: 600
     sql_condition_based_trigger: ""
     xss_html_attribute_based_status: enable
     sql_line_comments_severity: High
     xss_html_css_based_threat_weight_value: 4
     xss_html_attribute_based_trigger: ""
     vdom: root

  - name: edit certificate hpkp
    fwebos_waf_syntax:
     action: edit
     sql_arithmetic_operation_block_period: 600
     sql_stacked_queries_threat_weight: severe
     sql_embeded_queries_block_period: 600
     sql_arithmetic_operation_status: enable
     sql_condition_based_severity: High
     xss_html_attribute_based_block_period: 600
     xss_html_tag_based_trigger:
     sql_condition_based_threat_weight_value: 4
     sql_function_based_severity: High
     xss_javascript_function_based_block_period: 600
     xss_html_attribute_based_threat_weight_value: 4
     xss_html_attribute_based_threat_weight: severe
     sql_embeded_queries_trigger:
     sql_line_comments_status: enable
     xss_javascript_variable_based_trigger:
     sql_line_comments_threat_weight_value: 4
     xss_html_tag_based_block_period: 600
     sql_arithmetic_operation_severity: High
     sql_embeded_queries_status: enable
     sql_condition_based_threat_weight: severe
     xss_html_attribute_based_severity: High
     sql_condition_based_status: enable
     sql_stacked_queries_trigger:
     xss_html_css_based_status: enable
     xss_javascript_variable_based_block_period: 600
     xss_html_attribute_based_action: alert_deny
     detection_target_sql: ARGS_NAMES ARGS_VALUE REQUEST_COOKIES
     sql_stacked_queries_threat_weight_value: 4
     sql_embeded_queries_threat_weight: severe
     sql_stacked_queries_status: enable
     sql_function_based_threat_weight: severe
     xss_javascript_variable_based_threat_weight: severe
     sz_exception_element_list: 0
     xss_html_tag_based_threat_weight: severe
     sql_stacked_queries_action: alert_deny
     xss_javascript_variable_based_threat_weight_value: 4
     sql_arithmetic_operation_action: alert_deny
     sql_condition_based_block_period: 600
     sql_function_based_status: enable
     sql_embeded_queries_severity: High
     sql_embeded_queries_action: alert_deny
     sql_arithmetic_operation_trigger:
     xss_html_tag_based_action: alert_deny
     xss_html_tag_based_status: enable
     sql_stacked_queries_severity: High
     sql_arithmetic_operation_threat_weight_value: 4
     sql_function_based_threat_weight_value: 4
     xss_html_css_based_trigger:
     xss_html_tag_based_severity: High
     xss_javascript_function_based_severity: High
     sql_function_based_trigger:
     sql_line_comments_trigger:
     xss_html_css_based_block_period: 600
     xss_javascript_variable_based_action: alert_deny
     xss_javascript_function_based_threat_weight_value: 4
     xss_javascript_function_based_status: enable
     detection_target_xss: ARGS_NAMES ARGS_VALUE REQUEST_COOKIES
     xss_javascript_function_based_threat_weight: severe
     sql_embeded_queries_threat_weight_value: 4
     xss_javascript_variable_based_status: enable
     xss_javascript_function_based_trigger:
     xss_html_css_based_threat_weight: severe
     sql_condition_based_action: alert_deny
     xss_javascript_variable_based_severity: High
     sql_stacked_queries_block_period: 600
     sql_line_comments_action: alert_deny
     xss_html_tag_based_check_level: strict
     name: test4
     xss_html_tag_based_threat_weight_value: 4
     sql_arithmetic_operation_threat_weight: severe
     xss_html_css_based_severity: High
     sql_function_based_block_period: 600
     xss_html_css_based_action: alert_deny
     sql_line_comments_threat_weight: severe
     sql_function_based_action: alert_deny
     xss_javascript_function_based_action: alert_deny
     sql_line_comments_block_period: 600
     sql_condition_based_trigger:
     xss_html_attribute_based_status: enable
     sql_line_comments_severity: High
     xss_html_css_based_threat_weight_value: 4
     xss_html_attribute_based_trigger:
     vdom: root

Return Values ¶

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

200 : OK: Request returns successful
400 : Bad Request: Request cannot be processed by the API
401 : Not Authorized: Request without successful login session
403 : Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
404 : Resource Not Found: Unable to find the specified resource.
405 : Method Not Allowed: Specified HTTP method is not allowed for this resource.
413 : Request Entity Too Large: Request cannot be processed due to large entity
424 : Failed Dependency: Fail dependency can be duplicate resource, missing required parameter, missing required attribute, invalid attribute value
429 : Access temporarily blocked: Maximum failed authentications reached. The offended source is temporarily blocked for certain amount of time.
500 : Internal Server Error: Internal error when processing the request

For errorcode please check FortiWeb API errorcode at : https://documenter.getpostman.com/view/11233300/TVetbkaK#887b9eb4-7c13-4338-a8db-16cc117f0119

Status ¶

This module is not guaranteed to have a backwards compatible interface.

Authors ¶

Jie Li
Brad Zhang

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.