fwebos_waf_http_constraints_exceptions_list.py – Config FortiWeb Web Protection HTTP Constraints exceptions rules¶
New in version 1.0.1.
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.11
FortiWeb Version Compatibility¶
v7.0.x |
v7.2.x |
v7.4.x |
v7.6.x |
|
| fwebos_waf_http_constraints_exceptions_list.py | yes | yes | yes | yes |
Parameters¶
- body Possible parameters to go in the body for the request required: True
- table_name members type:str
- name id type:str
- max_http_body_parameter_length_val max length of body parameter type:str
- url_param_name_check url parameter name check type:str
- number_of_ranges_in_range_header_val number of ranges in range header type:str
- Post_request_ctype_check Post Request -- Missing Content Type Check type:str
- Illegal_host_name_check Illegal host name check type:str
- max_http_content_length max http content length type:str
- max_http_body_length_val max http body length type:str
- web_socket_protocol_check_val web socket protocol check type:str
- Illegal_host_name_check_val Illegal host name check type:str
- Illegal_http_request_method_check Illegal http request method check type:str
- source_ip_status source ip status type:str
- http2_max_requests http2 max requests type:str
- max_http_body_parameter_length max http body parameter length type:str
- max_url_parameter_val max url parameter type:str
- block_malformed_request_val block malformed request type:str
- max_http_request_length max http request length type:str
- number_of_ranges_in_range_header number of ranges in range header type:str
- id id type:str
- redundant_header_check redundant header check type:str
- max_url_parameter_length_val max url parameter length type:str
- Illegal_content_type_check_val Illegal content type check type:str
- max_url_param_name_len_val max url param name length type:str
- Illegal_content_length_check Illegal content length check type:str
- max_http_header_length max http header length type:str
- Illegal_byte_in_url_check_val Illegal byte in url check type:str
- Internal_resource_limits_check_val Internal resource limits check type:str
- source_ip source ipv4/ipv6/ip range. (e.g.: 1.2.3.4, 2001::1, 1.2.3.4-1.2.3.40, 2001::1-2001::100) type:str
- max_http_request_length_val max http request length type:str
- url_param_name_check_val url parameter name check type:str
- rpc_protocol_check rpc protocol check type:str
- duplicate_paramname_check_val duplicate paramname check type:str
- max_http_body_length max http body length type:str
- web_socket_protocol_check web socket protocol check type:str
- parameter_name_check parameter name check type:str
- max_url_parameter_length max url parameter length type:str
- Illegal_header_name_check Illegal header name check type:str
- url_param_value_check url parameter value check type:str
- duplicate_paramname_check duplicate parameter name check type:str
- parameter_name_check_val parameter name check type:str
- source_ip_status_val source ip status type:str
- http2_max_requests_val http2 max requests type:str
- Illegal_content_length_check_val Illegal content length check type:str
- request_type request type type:str
- max_url_param_name_len max url parameter name length type:str
- max_url_param_value_len_val max url parameter value length type:str
- max_header_line_request_val max header line request type:str
- odd_and_even_space_attack_check_val odd and even space attack check type:str
- parameter_value_check_val parameter value check type:str
- max_http_header_value_length max http header value length type:str
- max_url_parameter max url parameter type:str
- host host type:str
- max_http_header_name_length max http header name length type:str
- odd_and_even_space_attack_check odd and even space attack check type:str
- max_http_content_length_val max http content length type:str
- request_type_val request type type:str
- Illegal_http_request_method_check_val Illegal http request method check type:str
- max_cookie_in_request_val max cookie in request type:str
- rpc_protocol_check_val rpc protocol check type:str
- Illegal_header_value_check Illegal header value check type:str
- parameter_value_check parameter value check type:str
- max_header_line_request max header line request type:str
- max_http_header_value_length_val max http header value length type:str
- null_byte_in_url_check null byte in url check type:str
- host_status host status type:str
- max_http_header_length_val max http header length type:str
- null_byte_in_url_check_val null byte in url check type:str
- block_malformed_request block malformed request type:str
- Internal_resource_limits_check Internal resource limits check type:str
- request_file request file type:str
- redundant_header_check_val redundant header check type:str
- Illegal_header_name_check_val Illegal header name check type:str
- url_param_value_check_val url parameter value check type:str
- max_http_header_name_length_val max http header name length type:str
- Post_request_ctype_check_val Post request ctype check type:str
- host_status_val host status type:str
- max_http_request_filename_length max http request filename length type:str
- Illegal_header_value_check_val Illegal header value check type:str
- max_url_param_value_len max url param value length type:str
- max_http_request_filename_length_val max http request filename length type:str
- Illegal_content_type_check Illegal content type check type:str
- max_cookie_in_request max cookie in request type:str
- Illegal_byte_in_url_check Illegal byte in url check type:str
- mkey If present, objects will be filtered on property with this name type:string
- vdom Specify the Virtual Domain(s) from which results are returned or changes are applied to. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: vdom=root (Single VDOM) vdom=vdom1,vdom2 (Multiple VDOMs) vdom=* (All VDOMs) type:array
- clone_mkey Use *clone_mkey* to specify the ID for the new resource to be cloned. If *clone_mkey* is set, *mkey* must be provided which is cloned from. type:string
Examples¶
- name:
hosts: all
vars:
connection: httpapi
gather_facts: false
tasks:
- name: delete
fwebos_waf_http_constraints_exceptions_list:
action: delete
table_name: test4
name: 1
vdom: root
- name: Create
fwebos_waf_http_constraints_exceptions_list:
action: add
table_name: test4
vdom: root
max_http_body_parameter_length_val: 0
url_param_name_check: disable
number_of_ranges_in_range_header_val: 0
Post_request_ctype_check: disable
Illegal_host_name_check: disable
max_http_content_length: disable
max_http_body_length_val: 0
web_socket_protocol_check_val: 0
Illegal_host_name_check_val: 0
Illegal_http_request_method_check: disable
source_ip_status: enable
http2_max_requests: disable
max_http_body_parameter_length: disable
max_url_parameter_val: 0
block_malformed_request_val: 0
max_http_request_length: disable
number_of_ranges_in_range_header: disable
id: 0
redundant_header_check: disable
max_url_parameter_length_val: 0
Illegal_content_type_check_val: 0
max_url_param_name_len_val: 0
Illegal_content_length_check: disable
max_http_header_length: disable
Illegal_byte_in_url_check_val: 0
Internal_resource_limits_check_val: 0
source_ip: 2.2.2.2
max_http_request_length_val: 0
url_param_name_check_val: 0
rpc_protocol_check: disable
duplicate_paramname_check_val: 0
max_http_body_length: disable
web_socket_protocol_check: disable
parameter_name_check: disable
max_url_parameter_length: disable
Illegal_header_name_check: disable
url_param_value_check: disable
duplicate_paramname_check: disable
parameter_name_check_val: 0
source_ip_status_val: 0
http2_max_requests_val: 0
Illegal_content_length_check_val: 0
request_type: plain
max_url_param_name_len: disable
max_url_param_value_len_val: 0
max_header_line_request_val: 0
odd_and_even_space_attack_check_val: 0
parameter_value_check_val: 0
max_http_header_value_length: disable
max_url_parameter: disable
host: 1.1.1.1
max_http_header_name_length: disable
odd_and_even_space_attack_check: disable
max_http_content_length_val: 0
request_type_val: 0
Illegal_http_request_method_check_val: 0
max_cookie_in_request_val: 0
rpc_protocol_check_val: 0
Illegal_header_value_check: disable
parameter_value_check: disable
max_header_line_request: disable
max_http_header_value_length_val: 0
q_type: 0
null_byte_in_url_check: disable
host_status: enable
max_http_header_length_val: 0
null_byte_in_url_check_val: 0
block_malformed_request: disable
Internal_resource_limits_check: disable
request_file: /test_string
redundant_header_check_val: 0
Illegal_header_name_check_val: 0
url_param_value_check_val: 0
max_http_header_name_length_val: 0
Post_request_ctype_check_val: 0
host_status_val: 0
max_http_request_filename_length: disable
Illegal_header_value_check_val: 0
max_url_param_value_len: disable
max_http_request_filename_length_val: 0
Illegal_content_type_check: disable
max_cookie_in_request: disable
Illegal_byte_in_url_check: disable
- name: edit
fwebos_waf_http_constraints_exceptions_list:
action: edit
table_name: test4
name: 1
vdom: root
max_http_body_parameter_length_val: 0
url_param_name_check: disable
number_of_ranges_in_range_header_val: 0
Post_request_ctype_check: disable
Illegal_host_name_check: disable
max_http_content_length: disable
max_http_body_length_val: 0
web_socket_protocol_check_val: 0
Illegal_host_name_check_val: 0
Illegal_http_request_method_check: disable
source_ip_status: enable
http2_max_requests: disable
max_http_body_parameter_length: disable
max_url_parameter_val: 0
block_malformed_request_val: 0
max_http_request_length: disable
number_of_ranges_in_range_header: disable
id: 0
redundant_header_check: disable
max_url_parameter_length_val: 0
Illegal_content_type_check_val: 0
max_url_param_name_len_val: 0
Illegal_content_length_check: disable
max_http_header_length: disable
Illegal_byte_in_url_check_val: 0
Internal_resource_limits_check_val: 0
source_ip: 2.2.2.2
max_http_request_length_val: 0
url_param_name_check_val: 0
rpc_protocol_check: disable
duplicate_paramname_check_val: 0
max_http_body_length: disable
web_socket_protocol_check: disable
parameter_name_check: disable
max_url_parameter_length: disable
Illegal_header_name_check: disable
url_param_value_check: disable
duplicate_paramname_check: disable
parameter_name_check_val: 0
source_ip_status_val: 0
http2_max_requests_val: 0
Illegal_content_length_check_val: 0
request_type: plain
max_url_param_name_len: disable
max_url_param_value_len_val: 0
max_header_line_request_val: 0
odd_and_even_space_attack_check_val: 0
parameter_value_check_val: 0
max_http_header_value_length: disable
max_url_parameter: disable
host: 1.1.1.1
max_http_header_name_length: disable
odd_and_even_space_attack_check: disable
max_http_content_length_val: 0
request_type_val: 0
Illegal_http_request_method_check_val: 0
max_cookie_in_request_val: 0
rpc_protocol_check_val: 0
Illegal_header_value_check: disable
parameter_value_check: disable
max_header_line_request: disable
max_http_header_value_length_val: 0
q_type: 0
null_byte_in_url_check: disable
host_status: enable
max_http_header_length_val: 0
null_byte_in_url_check_val: 0
block_malformed_request: disable
Internal_resource_limits_check: disable
request_file: /test_string
redundant_header_check_val: 0
Illegal_header_name_check_val: 0
url_param_value_check_val: 0
max_http_header_name_length_val: 0
Post_request_ctype_check_val: 0
host_status_val: 0
max_http_request_filename_length: disable
Illegal_header_value_check_val: 0
max_url_param_value_len: disable
max_http_request_filename_length_val: 0
Illegal_content_type_check: disable
max_cookie_in_request: disable
Illegal_byte_in_url_check: disable
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- 200 : OK: Request returns successful
- 400 : Bad Request: Request cannot be processed by the API
- 401 : Not Authorized: Request without successful login session
- 403 : Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
- 404 : Resource Not Found: Unable to find the specified resource.
- 405 : Method Not Allowed: Specified HTTP method is not allowed for this resource.
- 413 : Request Entity Too Large: Request cannot be processed due to large entity
- 424 : Failed Dependency: Fail dependency can be duplicate resource, missing required parameter, missing required attribute, invalid attribute value
- 429 : Access temporarily blocked: Maximum failed authentications reached. The offended source is temporarily blocked for certain amount of time.
- 500 : Internal Server Error: Internal error when processing the request
For errorcode please check FortiWeb API errorcode at : https://documenter.getpostman.com/view/11233300/TVetbkaK#887b9eb4-7c13-4338-a8db-16cc117f0119