fwebos_waf_csrf_protection_rule.py – Config FortiWeb CSRF Protection Rule¶
New in version 1.0.1.
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.11
FortiWeb Version Compatibility¶
v7.0.0 |
v7.0.1 |
v7.0.2 |
v7.0.3 |
|
| fwebos_waf_csrf_protection_rule.py | yes | yes | yes | yes |
Parameters¶
- body Possible parameters to go in the body for the request required: True
- name name of the CSRF protection rule type:string maxLength:63
- security_action Select which action FortiWeb takes when it detects a missing or incorrect anti-CSRF parameter. type:string choice: alert, alert_deny, deny_no_log, block-period, client-id-block-period
- block_period Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects a CSRF attack. This setting is available only if 'security_action' is set to 'block-period'. type:integer maximum:3600 minimum:1
- severity Select which severity level FortiWeb uses when it logs a CSRF attack. type:string choice: Info, Low, Medium, High
- trigger Select the trigger, if any, that FortiWeb uses when it logs or sends an alert email about a CSRF attack. type:string
- js_request_check Enabling this option will run another script to modify the page’s native XMLHttpRequest function and add the CSRF parameter tknfv onto it. type:string choice: enable, disable
- mkey If present, objects will be filtered on property with this name type:string
- vdom Specify the Virtual Domain(s) from which results are returned or changes are applied to. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: vdom=root (Single VDOM) vdom=vdom1,vdom2 (Multiple VDOMs) vdom=* (All VDOMs) type:array
- clone_mkey Use *clone_mkey* to specify the ID for the new resource to be cloned. If *clone_mkey* is set, *mkey* must be provided which is cloned from. type:string
Examples¶
- name:
hosts: all
vars:
connection: httpapi
gather_facts: false
tasks:
- name: add a rule
fwebos_waf_csrf_protection_rule:
action: add
severity: Info
name: c1
security_action: block-period
block_period: 777
trigger: tp1
- name: add a simple rule
fwebos_waf_csrf_protection_rule:
action: add
severity: Low
name: c2
- name: edit a rule
fwebos_waf_csrf_protection_rule:
action: edit
severity: Low
name: c2
security_action: block-period
block_period: 1234
trigger: tp1
- name: get rules
fwebos_waf_csrf_protection_rule:
action: get
name: c2
- name: delete a rule
fwebos_waf_csrf_protection_rule:
action: delete
name: c3
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- 200 : OK: Request returns successful
- 400 : Bad Request: Request cannot be processed by the API
- 401 : Not Authorized: Request without successful login session
- 403 : Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
- 404 : Resource Not Found: Unable to find the specified resource.
- 405 : Method Not Allowed: Specified HTTP method is not allowed for this resource.
- 413 : Request Entity Too Large: Request cannot be processed due to large entity
- 424 : Failed Dependency: Fail dependency can be duplicate resource, missing required parameter, missing required attribute, invalid attribute value
- 429 : Access temporarily blocked: Maximum failed authentications reached. The offended source is temporarily blocked for certain amount of time.
- 500 : Internal Server Error: Internal error when processing the request
For errorcode please check FortiWeb API errorcode at : https://documenter.getpostman.com/view/11233300/TVetbkaK#887b9eb4-7c13-4338-a8db-16cc117f0119