fwebos_waf_known_bots.py – Config FortiWeb Known Bots¶
New in version 1.0.1.
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.11
FortiWeb Version Compatibility¶
v7.0.x |
v7.2.x |
v7.4.x |
v7.6.x |
|
| fwebos_waf_known_bots.py | yes | yes | yes | yes |
Parameters¶
- body Possible parameters to go in the body for the request required: True
- name A unique name that can be referenced in other parts of the configuration. type:string maxLength:63
- dos_status Enable or disable the DoS Bot check for this rule. type:string choice: enable, disable
- dos_action Select the action that FortiWeb takes when it detects a DoS Bot violation of the rule. type:string choice: bypass, alert alert_deny, redirect, deny_no_log, block-period, send_http_response
- dos_severity Select which severity level the FortiWeb appliance will use when it logs a violation of the rule. type:string choice: Low, Medium, High, Info
- dos_threat_weight Set the weight for the threat. type:string choice: informational, low, moderate, substantial, severe, critical
- dos_trigger Select which trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a violation of each rule. type:string maxLength:63
- dos_block_period The number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects that the client has violated the rule. Only available when 'dos_action' is 'block-period'. type:string maxLength:63
- spam_status Enable or disable the Spam Bot check for this rule. type:string choice: enable, disable
- spam_action Select the action that FortiWeb takes when it detects a spam Bot violation of the rule. type:string choice: bypass, alert alert_deny, redirect, deny_no_log, block-period, send_http_response
- spam_severity Select which severity level the FortiWeb appliance will use when it logs a violation of the rule. type:string choice: Low, Medium, High, Info
- spam_threat_weight Set the weight for the threat. type:string choice: informational, low, moderate, substantial, severe, critical
- spam_trigger Select which trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a violation of each rule. type:string maxLength:63
- spam_block_period The number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects that the client has violated the rule. Only available when 'spam_action' is 'block-period'. type:string maxLength:63
- trojan_status Enable or disable the trojan Bot check for this rule. type:string choice: enable, disable
- trojan_action Select the action that FortiWeb takes when it detects a trojan Bot violation of the rule. type:string choice: bypass, alert alert_deny, redirect, deny_no_log, block-period, send_http_response
- trojan_severity Select which severity level the FortiWeb appliance will use when it logs a violation of the rule. type:string choice: Low, Medium, High, Info
- trojan_threat_weight Set the weight for the threat. type:string choice: informational, low, moderate, substantial, severe, critical
- trojan_trigger Select which trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a violation of each rule. type:string maxLength:63
- trojan_block_period The number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects that the client has violated the rule. Only available when 'trojan_action' is 'block-period'. type:string maxLength:63
- scanner_status Enable or disable the scanner Bot check for this rule. type:string choice: enable, disable
- scanner_action Select the action that FortiWeb takes when it detects a scanner Bot violation of the rule. type:string choice: bypass, alert alert_deny, redirect, deny_no_log, block-period, send_http_response
- scanner_severity Select which severity level the FortiWeb appliance will use when it logs a violation of the rule. type:string choice: Low, Medium, High, Info
- scanner_threat_weight Set the weight for the threat. type:string choice: informational, low, moderate, substantial, severe, critical
- scanner_trigger Select which trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a violation of each rule. type:string maxLength:63
- scanner_block_period The number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects that the client has violated the rule. Only available when 'scanner_action' is 'block-period'. type:string maxLength:63
- crawler_status Enable or disable the crawler Bot check for this rule. type:string choice: enable, disable
- crawler_action Select the action that FortiWeb takes when it detects a crawler Bot violation of the rule. type:string choice: bypass, alert alert_deny, redirect, deny_no_log, block-period, send_http_response
- crawler_severity Select which severity level the FortiWeb appliance will use when it logs a violation of the rule. type:string choice: Low, Medium, High, Info
- crawler_threat_weight Set the weight for the threat. type:string choice: informational, low, moderate, substantial, severe, critical
- crawler_trigger Select which trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a violation of each rule. type:string maxLength:63
- crawler_block_period The number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects that the client has violated the rule. Only available when 'crawler_action' is 'block-period'. type:string maxLength:63
- known_engines_status Enable or disable the known_engines Bot check for this rule. type:string choice: enable, disable
- known_engines_action Select the action that FortiWeb takes when it detects a known_engines Bot violation of the rule. type:string choice: bypass, alert alert_deny, redirect, deny_no_log, block-period, send_http_response
- known_engines_severity Select which severity level the FortiWeb appliance will use when it logs a violation of the rule. type:string choice: Low, Medium, High, Info
- known_engines_threat_weight Set the weight for the threat. type:string choice: informational, low, moderate, substantial, severe, critical
- known_engines_trigger Select which trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a violation of each rule. type:string maxLength:63
- known_engines_block_period The number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects that the client has violated the rule. Only available when 'known_engines_action' is 'block-period'. type:string maxLength:63
- marketing_status Enable or disable the marketing Bot check for this rule. type:string choice: enable, disable
- marketing_action Select the action that FortiWeb takes when it detects a marketing Bot violation of the rule. type:string choice: bypass, alert alert_deny, redirect, deny_no_log, block-period, send_http_response
- marketing_severity Select which severity level the FortiWeb appliance will use when it logs a violation of the rule. type:string choice: Low, Medium, High, Info
- marketing_threat_weight Set the weight for the threat. type:string choice: informational, low, moderate, substantial, severe, critical
- marketing_trigger Select which trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a violation of each rule. type:string maxLength:63
- marketing_block_period The number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects that the client has violated the rule. Only available when 'marketing_action' is 'block-period'. type:string maxLength:63
- page_preview_status Enable or disable the page_preview Bot check for this rule. type:string choice: enable, disable
- page_preview_action Select the action that FortiWeb takes when it detects a page_preview Bot violation of the rule. type:string choice: bypass, alert alert_deny, redirect, deny_no_log, block-period, send_http_response
- page_preview_severity Select which severity level the FortiWeb appliance will use when it logs a violation of the rule. type:string choice: Low, Medium, High, Info
- page_preview_threat_weight Set the weight for the threat. type:string choice: informational, low, moderate, substantial, severe, critical
- page_preview_trigger Select which trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a violation of each rule. type:string maxLength:63
- page_preview_block_period The number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects that the client has violated the rule. Only available when 'page_preview_action' is 'block-period'. type:string maxLength:63
- feed_fetcher_status Enable or disable the feed_fetcher Bot check for this rule. type:string choice: enable, disable
- feed_fetcher_action Select the action that FortiWeb takes when it detects a feed_fetcher Bot violation of the rule. type:string choice: bypass, alert alert_deny, redirect, deny_no_log, block-period, send_http_response
- feed_fetcher_severity Select which severity level the FortiWeb appliance will use when it logs a violation of the rule. type:string choice: Low, Medium, High, Info
- feed_fetcher_threat_weight Set the weight for the threat. type:string choice: informational, low, moderate, substantial, severe, critical
- feed_fetcher_trigger Select which trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a violation of each rule. type:string maxLength:63
- feed_fetcher_block_period The number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects that the client has violated the rule. Only available when 'feed_fetcher_action' is 'block-period'. type:string maxLength:63
- likely_good_bot_status Enable or disable the likely_good_bot Bot check for this rule. type:string choice: enable, disable
- likely_good_bot_action Select the action that FortiWeb takes when it detects a likely_good_bot Bot violation of the rule. type:string choice: bypass, alert alert_deny, redirect, deny_no_log, block-period, send_http_response
- likely_good_bot_severity Select which severity level the FortiWeb appliance will use when it logs a violation of the rule. type:string choice: Low, Medium, High, Info
- likely_good_bot_threat_weight Set the weight for the threat. type:string choice: informational, low, moderate, substantial, severe, critical
- likely_good_bot_trigger Select which trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a violation of each rule. type:string maxLength:63
- likely_good_bot_block_period The number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects that the client has violated the rule. Only available when 'likely_good_bot_action' is 'block-period'. type:string maxLength:63
- mkey If present, objects will be filtered on property with this name type:string
- vdom Specify the Virtual Domain(s) from which results are returned or changes are applied to. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: vdom=root (Single VDOM) vdom=vdom1,vdom2 (Multiple VDOMs) vdom=* (All VDOMs) type:array
- clone_mkey Use *clone_mkey* to specify the ID for the new resource to be cloned. If *clone_mkey* is set, *mkey* must be provided which is cloned from. type:string
Examples¶
- name:
hosts: all
vars:
connection: httpapi
gather_facts: false
tasks:
- name: add a known bot profile
fwebos_waf_known_bots:
action: add
name: Bot1
dos_status: enable
dos_action: alert_deny
dos_block_period: 600
dos_severity: Low
dos_threat_weight: critical
- name: edit a known bot profile
fwebos_waf_known_bots:
action: edit
name: Bot1
feed_fetcher_status: enable
feed_fetcher_action: redirect
feed_fetcher_severity: Info
feed_fetcher_threat_weight: moderate #substantial
- name: get a known bot profile
fwebos_waf_known_bots:
action: get
name: Bot1
- name: delete a known bot profile
fwebos_waf_known_bots:
action: delete
name: Bot1
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- 200 : OK: Request returns successful
- 400 : Bad Request: Request cannot be processed by the API
- 401 : Not Authorized: Request without successful login session
- 403 : Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
- 404 : Resource Not Found: Unable to find the specified resource.
- 405 : Method Not Allowed: Specified HTTP method is not allowed for this resource.
- 413 : Request Entity Too Large: Request cannot be processed due to large entity
- 424 : Failed Dependency: Fail dependency can be duplicate resource, missing required parameter, missing required attribute, invalid attribute value
- 429 : Access temporarily blocked: Maximum failed authentications reached. The offended source is temporarily blocked for certain amount of time.
- 500 : Internal Server Error: Internal error when processing the request
For errorcode please check FortiWeb API errorcode at : https://documenter.getpostman.com/view/11233300/TVetbkaK#887b9eb4-7c13-4338-a8db-16cc117f0119