fwebos_waf_site_publish_policy.py – Config FortiWeb Published Site Policy

New in version 1.0.1.

Synopsis

Config FortiWeb Published Site Policy

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.11

FortiWeb Version Compatibility


v7.0.x v7.2.x v7.4.x v7.6.x
fwebos_waf_site_publish_policy.py yes yes yes yes

Parameters

  • body Possible parameters to go in the body for the request required: True
    • name A unique name that can be referenced in other parts of the configuration. type:string maxLength:63
    • account_lockout Enable or disable Account Lockout. type:string choice: enable, disable
    • max_login_failures Max Login Failures. Only available when 'account_lockout' is enabled. type:integer maximum:30 minimum:1
    • within The number of minutes allowing max login login failures. Only available when 'account_lockout' is enabled. type:integer maximum:30 minimum:1
    • account_block_period Account Block Period. Only available when 'account_lockout' is enabled. type:integer maximum:3600 minimum:1
    • limit_users Enable or disable Limit Concurrent Users Per Account. type:string choice: enable, disable
    • maximum_users Maximum Concurrent Users. Only available when 'limit_users' is enabled. type:integer maximum:128 minimum:1
    • session_idle_timeout Session Idle Timeout (Unit: minute). Only available when 'limit_users' is enabled. type:integer maximum:1440 minimum:1
    • credential_stuffing_online_query Enable or disable Credential Stuffing Defense. type:string choice: enable, disable
    • credential_stuffing_protection Enable or disable Credential Stuffing Online Check. type:string choice: enable, disable
    • match_type Select Match type. type:string choice: any, all
    • security_action Select Match type. type:string choice: alert, deny_no_log, alert_deny, block-period, client-id-block-period,
    • block_period Block Period. Only available when 'security_action' is 'block-period'. type:integer maximum:30 minimum:1
    • security Select security level. type:string choice: Info, Low, Medium, High
    • trigger Select the trigger policy, if any, that FortiWeb carries out when it logs and/or sends an alert email about a violation. type:string maxLength:255
    • mkey If present, objects will be filtered on property with this name type:string
    • vdom Specify the Virtual Domain(s) from which results are returned or changes are applied to. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: vdom=root (Single VDOM) vdom=vdom1,vdom2 (Multiple VDOMs) vdom=* (All VDOMs) type:array
    • clone_mkey Use *clone_mkey* to specify the ID for the new resource to be cloned. If *clone_mkey* is set, *mkey* must be provided which is cloned from. type:string

Examples

- name:
  hosts: all
  vars:
  connection: httpapi
  gather_facts: false
  tasks:
   - name: add a site_publish policy
     fwebos_waf_site_publish_policy:
       action: add
       name: pp1
       account_block_period: 600
       account_lockout: enable
       security_action: alert_deny
       credential_stuffing_online_query: enable
       credential_stuffing_protection: enable
       limit_users: enable
       max_login_failures: 5
       maximum_users: 1
       session_idle_timeout: 30
       severity: Medium
       trigger: tp1
       within: 3

   - name: get a site_publish policy
     fwebos_waf_site_publish_policy:
       action: get
       name: pp1

   - name: edit a dlp dictionary
     fwebos_waf_site_publish_policy:
       action: edit
       name: pp1
       account_lockout: disable
       security_action: alert

   - name: delete a site_publish
     fwebos_waf_site_publish_policy:
       action: delete
       name: pp1

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • 200 : OK: Request returns successful
  • 400 : Bad Request: Request cannot be processed by the API
  • 401 : Not Authorized: Request without successful login session
  • 403 : Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
  • 404 : Resource Not Found: Unable to find the specified resource.
  • 405 : Method Not Allowed: Specified HTTP method is not allowed for this resource.
  • 413 : Request Entity Too Large: Request cannot be processed due to large entity
  • 424 : Failed Dependency: Fail dependency can be duplicate resource, missing required parameter, missing required attribute, invalid attribute value
  • 429 : Access temporarily blocked: Maximum failed authentications reached. The offended source is temporarily blocked for certain amount of time.
  • 500 : Internal Server Error: Internal error when processing the request

For errorcode please check FortiWeb API errorcode at : https://documenter.getpostman.com/view/11233300/TVetbkaK#887b9eb4-7c13-4338-a8db-16cc117f0119

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Joseph Chen

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.