Ansible Galaxy FortiWeb Collection

FortiWeb/Galaxy Version Mapping Guide

  • FortiWeb Galaxy Versioning

User's Guide

  • Install FortiWeb Ansible Galaxy
  • Run Your First Playbook
  • Get Help

modules index

  • Configuration Modules
    • fwebos_admin.py – Configure FortiWeb admin
    • fwebos_admin_profiles.py – Configure FortiWeb admin profiles
    • fwebos_backup_download.py – Download FortiWeb config file
    • fwebos_bot_detection.py – Config FortiWeb Bot Detection Policy
    • fwebos_bot_detection_exception.py – Config FortiWeb Bot Detection Policy Exceptions
    • fwebos_bot_detection_ip.py – Config FortiWeb Bot Detection Limit Sample Collections From IPs
    • fwebos_certificate_ca.py – Config FortiWeb server objects CA
    • fwebos_certificate_ca_group.py – Config FortiWeb server objects CA group
    • fwebos_certificate_ca_group_member.py – Config FortiWeb server objects group member
    • fwebos_certificate_ca_tsl.py – Config FortiWeb server objects TSL CA
    • fwebos_certificate_crl.py – Config FortiWeb server objects CRL
    • fwebos_certificate_crl_group.py – Config FortiWeb server objects CRL group
    • fwebos_certificate_crl_group_member.py – Config FortiWeb server objects CRL group member
    • fwebos_certificate_intermediate_ca.py – Config FortiWeb server objects Intermediate CA
    • fwebos_certificate_intermediate_ca_group.py – Config FortiWeb server objects Intermediate CA group
    • fwebos_certificate_intermediate_ca_group_member.py – Config FortiWeb server objects Intermediate CA group member
    • fwebos_certificate_letsencrypt.py – Config FortiWeb server objects Letsencrypt
    • fwebos_certificate_letsencrypt_issue.py – Call FortiWeb server objects Letsencrypt issue action
    • fwebos_certificate_letsencrypt_revoke.py – Call FortiWeb server objects Letsencrypt revoke action
    • fwebos_certificate_local_csr.py – Config FortiWeb server objects Local
    • fwebos_certificate_local_import_certificate.py – Upload local certificates to FortiWeb
    • fwebos_certificate_local_multi.py – Config FortiWeb server objects Local Multi-certificate
    • fwebos_certificate_ocsp_stapling.py – Config FortiWeb server objects OCSP Stapling
    • fwebos_certificate_offline_sni_group.py – Config FortiWeb server objects SNI Offline SNI
    • fwebos_certificate_offline_sni_member.py – Config FortiWeb server objects SNI Offline SNI member
    • fwebos_certificate_public_key_pinning.py – Config FortiWeb server objects Public Key Pinning
    • fwebos_certificate_sign_ca.py – Config FortiWeb server objects Sign CA
    • fwebos_certificate_sni_group.py – Config FortiWeb server objects SNI Inline SNI
    • fwebos_certificate_sni_member.py – Config FortiWeb server objects SNI Inline SNI member
    • fwebos_certificate_urlcert_group.py – Config FortiWeb server objects URL Certificate group
    • fwebos_certificate_urlcert_list.py – Config FortiWeb server objects URL Certificate list
    • fwebos_certificate_verify.py – Config FortiWeb server objects Certificate Verify
    • fwebos_certificate_verify_server.py – Config FortiWeb server objects Server Certificate Verify
    • fwebos_certificate_xml_certificate_client.py – Config FortiWeb server objects XML Certificate Client Certificate
    • fwebos_certificate_xml_certificate_server.py – Config FortiWeb server objects XML Certificate Server Certificate
    • fwebos_certificate_xml_client_group.py – Config FortiWeb server objects XML Certificate Client group
    • fwebos_certificate_xml_client_group_member.py – Config FortiWeb server objects XML Certificate Client group member
    • fwebos_content_routing_list.py – Config FortiWeb Content Routing Policy List
    • fwebos_content_routing_policy.py – Config FortiWeb Content Routing Policy Object
    • fwebos_content_routing_policy_match_list.py – Config FortiWeb Content Routing Policy Match Details.
    • fwebos_fortiguard_config.py – Config FortiWeb System FortiGuard info
    • fwebos_ha.py – Config FortiWeb HA options
    • fwebos_hsm_partion.py – Config FortiWeb HSM Partion
    • fwebos_hsm_server.py – Config FortiWeb HSM Server info
    • fwebos_hsm_server_download.py – Download HSM Server Certificate
    • fwebos_json_generic.py – FortiWeb All REST API Requests Sender/Receiver
    • fwebos_ml_based_api_protection_policy.py – Config FortiWeb ML Based API Protection Policy
    • fwebos_ml_based_api_protection_policy_domain.py – Config FortiWeb ML Based API Protection Policy Domain
    • fwebos_ml_based_api_protection_policy_domain_path_list.py – Config the Restrict Learning Paths in FortiWeb ML Based API Protection Policy Domain
    • fwebos_ml_based_api_protection_policy_ip_list.py – Config FortiWeb ML Based API Protection Configuration IP List
    • fwebos_ntp.py – Config FortiWeb NTP settings
    • fwebos_server_policy.py – Config FortiWeb Policy Server Policy
    • fwebos_server_pool.py – Config FortiWeb server objects Server Pool
    • fwebos_server_pool_rule.py – Config FortiWeb server objects Server Pool member
    • fwebos_server_service.py – Config FortiWeb server objects Service
    • fwebos_snmp_community.py – Config FortiWeb SNMP v1/v2c Community
    • fwebos_snmp_sysinfo.py – Config FortiWeb SNMP system info
    • fwebos_snmp_user.py – Config FortiWeb SNMP v3 user
    • fwebos_snmp_user_default.py – Config FortiWeb SNMP v3 user
    • fwebos_system_setting.py – Config System Administrators Settings in FortiWeb
    • fwebos_virtual_ip.py – Config FortiWeb Network Virtual IP
    • fwebos_virtual_server.py – Config FortiWeb server objects virtual server
    • fwebos_virtual_server_vip.py – Assign FortiWeb virtual IP with virtual server
    • fwebos_waf_cookie_security.py – Config FortiWeb Web Protection Cookie Security
      • Synopsis
      • Requirements
      • FortiWeb Version Compatibility
      • Parameters
      • Examples
      • Return Values
      • Status
      • Authors
    • fwebos_waf_cookie_security_exception.py – Config FortiWeb Web Protection Cookie Security exceptions
    • fwebos_waf_csrf_page_rule.py – Config FortiWeb CSRF Page Rule
    • fwebos_waf_csrf_protection_rule.py – Config FortiWeb CSRF Protection Rule
    • fwebos_waf_csrf_url_rule.py – Config FortiWeb CSRF URL Rule
    • fwebos_waf_custom_policy.py – Config FortiWeb Advanced Protection Custom Policy
    • fwebos_waf_custom_policy_item.py – Config FortiWeb Advanced Protection Custom Policy Items
    • fwebos_waf_custom_protection_group.py – Config FortiWeb Custom Policy policy
    • fwebos_waf_custom_protection_group_type_list.py – Assign FortiWeb Custom Policy Custom Rule to policy
    • fwebos_waf_custom_protection_rule.py – Config FortiWeb Custom Policy Custom Rule
    • fwebos_waf_custom_protection_rule_condition.py – Config FortiWeb Custom Policy Custom Rule conditions
    • fwebos_waf_custom_rule.py – Config FortiWeb Advanced Protection Custom Policy Rule
    • fwebos_waf_dlp_dictionary.py – Config FortiWeb Data Loss Preventation Dictionary
    • fwebos_waf_dlp_policy.py – Config FortiWeb Data Loss Preventation Policy
    • fwebos_waf_dlp_policy_rule_entry.py – Config FortiWeb Data Loss Preventation Rule in a Data Loss Preventation Policy
    • fwebos_waf_dlp_rule.py – Config FortiWeb Data Loss Preventation Rule
    • fwebos_waf_dlp_sensor.py – Config FortiWeb Data Loss Preventation Sensor
    • fwebos_waf_dlp_sensor_entry.py – Config FortiWeb Data Loss Preventation Sensor Entries
    • fwebos_waf_file_upload_policy.py – Config FortiWeb Input Validation File Security
    • fwebos_waf_file_upload_policy_rule.py – Assign FortiWeb Input Validation File Security rules to policy
    • fwebos_waf_file_upload_rule.py – Config FortiWeb Input Validation File Security Rule
    • fwebos_waf_file_upload_rule_filetype.py – Config FortiWeb Input Validation File Security Rule file types
    • fwebos_waf_geo_block.py – Config FortiWeb IP Protection GEO IP
    • fwebos_waf_geo_block_country.py – Edit Country list in GEO IP Policy
    • fwebos_waf_http_constraints_exceptions.py – Config FortiWeb Web Protection HTTP Constraints exceptions
    • fwebos_waf_http_constraints_exceptions_list.py – Config FortiWeb Web Protection HTTP Constraints exceptions rules
    • fwebos_waf_http_header_security_policy.py – Config FortiWeb HTTP Header Security Policy
    • fwebos_waf_http_header_security_policy_exception.py – Config FortiWeb HTTP Header Security Policy Exception
    • fwebos_waf_http_header_security_policy_exception_item.py – Config FortiWeb HTTP Header Security Policy Exception Item
    • fwebos_waf_http_header_security_policy_rule.py – Config FortiWeb HTTP Header Security Policy Rules
    • fwebos_waf_http_protocol_parameter_restriction.py – Config FortiWeb Web Protection HTTP Constraints
    • fwebos_waf_ip.py – Config FortiWeb IP Protection IP List
    • fwebos_waf_ip_members.py – Config FortiWeb IP Protection IP List member
    • fwebos_waf_json_protection_policy.py – Config FortiWeb JSON Protection Policy
    • fwebos_waf_json_protection_policy_item.py – Config FortiWeb JSON Protection Policy Rule Item
    • fwebos_waf_json_protection_rule.py – Config FortiWeb JSON Protection Rule
    • fwebos_waf_json_schema.py – Config FortiWeb JSON Schema
    • fwebos_waf_json_schema_group.py – Config FortiWeb JSON Schema Group
    • fwebos_waf_json_schema_group.py – Config FortiWeb JSON Schema Group Member
    • fwebos_waf_known_bots.py – Config FortiWeb Known Bots
    • fwebos_waf_signature.py – Config FortiWeb Web Protection Signature
    • fwebos_waf_signature_filter_list.py – Config FortiWeb Web Protection Signature filter list
    • fwebos_waf_site_publish_authentication_server_pool.py – Config FortiWeb Site Publish Policy’s Authentication Server Pool
    • fwebos_waf_site_publish_authentication_server_pool_member.py – Config FortiWeb Published Site Policy’s Authentication Server Pool’s Members
    • fwebos_waf_site_publish_policy.py – Config FortiWeb Published Site Policy
    • fwebos_waf_site_publish_policy_rule.py – Config rule entries in a Site Publish Policy
    • fwebos_waf_site_publish_rule.py – Config FortiWeb Published Site Policy
    • fwebos_waf_site_publish_rule_custom_header.py – Config Custom Headers in a Site Publish Rule
    • fwebos_waf_site_publish_service_principal_name_pool.py – Config FortiWeb Site Publish Policy’s Service Principal Name Pool
    • fwebos_waf_site_publish_service_principal_name_pool_member.py – Config FortiWeb Published Site Policy’s Service Principal Name Pool’s Members
    • fwebos_waf_syntax.py – Config FortiWeb Web Protection SQL/XSS Syntax Based Detetction
    • fwebos_waf_url_access_policy.py – Config FortiWeb Web Protection URL Access policy
    • fwebos_waf_url_access_policy_rule.py – Assign URL policy rule to a policy
    • fwebos_waf_url_access_rule.py – Config FortiWeb Web Protection URL Access rules
    • fwebos_waf_url_access_rule_condition.py – Config FortiWeb Web Protection URL Access rules conditions
    • fwebos_waf_url_rewriting_policy.py – Config FortiWeb URL Rewriting Policy
    • fwebos_waf_url_rewriting_policy_rule.py – Config FortiWeb URL Rules in a Rewriting Policy
    • fwebos_waf_url_rewriting_rule.py – Configure FortiWeb URL Rewriting Rules
    • fwebos_waf_url_rewriting_rule_condition.py – Config FortiWeb URL Rewriting Rule Condition
    • fwebos_waf_waiting_room_policy.py – Config FortiWeb Waiting Room
    • fwebos_waf_waiting_room_policy_bypass_rule.py – Config FortiWeb Waiting Room Bypass Rule
    • fwebos_waf_webshell.py – Config FortiWeb Web Protection Web Shell Detetction
    • fwebos_waf_xff.py – Config FortiWeb X-Forward-For policy
    • fwebos_waf_xff_ip_list.py – Config FortiWeb X-Forward-For policy ip list
    • fwebos_waf_xml_policy.py – Config FortiWeb API Protection XML Protection policy
    • fwebos_waf_xml_policy_rule_list.py – Assign FortiWeb API Protection XML Protection rule to a policy
    • fwebos_waf_xml_rule.py – Config FortiWeb API Protection XML Protection rule

Appendices

  • Release Notes
Ansible Galaxy FortiWeb Collection
  • Configuration Modules
  • fwebos_waf_cookie_security.py – Config FortiWeb Web Protection Cookie Security
  • View page source

fwebos_waf_cookie_security.py – Config FortiWeb Web Protection Cookie Security¶

New in version 1.0.1.

  • Synopsis
  • Requirements
  • FortiWeb Version Compatibility
  • Parameters
  • Examples
  • Return Values
  • Status
  • Authors

Synopsis¶

Config FortiWeb Web Protection Cookie Security

Requirements¶

The below requirements are needed on the host that executes this module.

  • ansible>=2.11

FortiWeb Version Compatibility¶


v7.0.x v7.2.x v7.4.x v7.6.x
fwebos_waf_cookie_security.py yes yes yes yes

Parameters¶

  • body Possible parameters to go in the body for the request required: True
    • name name type:string maxLength:63
    • cookie-security-exception-list cookie security exception list type:array
      • id The number of the cookie security exception list
      • cookie-name cookie name
      • cookie-domain cookie domain
      • cookie-path cookie path
      • wildcard treat asterisk in cookie-name as wildcard
    • security-mode security mode type:string choice: no, encrypted, signed,
    • action action type:string choice: alert, deny_no_log, alert_deny, remove_cookie, block-period, client-id-block-period,
    • block-period action block period(1-3600) type:integer maximum:3600 minimum:1
    • severity High, Medium, Low or Informative type:string choice: High, Medium, Low, Info,
    • trigger choose Email or syslog policy type:string
    • cookie-replay-protection-type cookie replay protection type type:string choice: no, IP,
    • max-age max-age(0-65535) type:integer maximum:65535 minimum:0
    • secure-cookie secure cookie type:string choice: enable, disable,
    • http-only http only type:string choice: enable, disable,
    • allow-suspicious-cookies allow suspicious cookies type:string choice: Never, Always, Custom,
    • allow-time allow date type:string
    • mkey If present, objects will be filtered on property with this name type:string
    • vdom Specify the Virtual Domain(s) from which results are returned or changes are applied to. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: vdom=root (Single VDOM) vdom=vdom1,vdom2 (Multiple VDOMs) vdom=* (All VDOMs) type:array
    • clone_mkey Use *clone_mkey* to specify the ID for the new resource to be cloned. If *clone_mkey* is set, *mkey* must be provided which is cloned from. type:string

Examples¶

- name:
  hosts: all
  vars:
  connection: httpapi
  gather_facts: false
  tasks:
    - name: delete
      fwebos_waf_cookie_security:
       action: delete
       vdom: root
       name: test

    - name: Create
      fwebos_waf_cookie_security:
       action: add
       vdom: root
       security_mode: encrypted
       cookie_replay_protection_type: IP
       allow_suspicious_cookies: Custom
       allow_time_model: 2022-10-28T17:11:54.000Z
       security_action: alert
       severity: Medium
       block_period: 600
       max_age: 0
       http_only: disable
       name: test
       trigger: test
       allow_time: 2022/10/28

    - name: edit
      fwebos_waf_cookie_security:
       action: edit
       vdom: root
       security_mode: encrypted
       cookie_replay_protection_type: IP
       allow_suspicious_cookies: Custom
       allow_time_model: 2022-10-28T17:11:54.000Z
       security_action: alert
       severity: Medium
       block_period: 600
       max_age: 0
       http_only: disable
       name: test
       trigger: test
       allow_time: 2022/10/27

Return Values¶

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • 200 : OK: Request returns successful
  • 400 : Bad Request: Request cannot be processed by the API
  • 401 : Not Authorized: Request without successful login session
  • 403 : Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
  • 404 : Resource Not Found: Unable to find the specified resource.
  • 405 : Method Not Allowed: Specified HTTP method is not allowed for this resource.
  • 413 : Request Entity Too Large: Request cannot be processed due to large entity
  • 424 : Failed Dependency: Fail dependency can be duplicate resource, missing required parameter, missing required attribute, invalid attribute value
  • 429 : Access temporarily blocked: Maximum failed authentications reached. The offended source is temporarily blocked for certain amount of time.
  • 500 : Internal Server Error: Internal error when processing the request

For errorcode please check FortiWeb API errorcode at : https://documenter.getpostman.com/view/11233300/TVetbkaK#887b9eb4-7c13-4338-a8db-16cc117f0119

Status¶

  • This module is not guaranteed to have a backwards compatible interface.

Authors¶

  • Jie Li
  • Brad Zhang

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.

Previous Next

© Copyright 2020-2022, Fortinet.

Built with Sphinx using a theme provided by Read the Docs.