fwebos_waf_http_header_security_policy_rule.py – Config FortiWeb HTTP Header Security Policy Rules

New in version 1.0.1.

Synopsis

Config FortiWeb HTTP Header Security Policy Rules

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.11

FortiWeb Version Compatibility


v7.0.x v7.2.x v7.4.x v7.6.x
fwebos_waf_http_header_security_policy.py yes yes yes yes

Parameters

  • body Possible parameters to go in the body for the request required: True
    • name A unique name that can be referenced in other parts of the configuration. type:string maxLength:63
    • request_status Click to enable or disable request filter. It is also named URL filter. Enable it so that responses to the request will be processed with the security headers only if the URL of a request matches the specified Request URL. type:string choice: enable, disable
    • request_type Select 'plain' (Simple String) to match the URL of requests with a literal URL specified in Request URL. Select 'regular' (Regular Expression) to match the URL of requests with a regular expression specified in Request URL. type:string choice: plain, regular
    • request_file The Request URL. type:string maxLength:255
    • secure_header_type FortiWeb security headers Types. type:string choice: x-xss-protection, x-frame-options, x-content-type-options, content-security-policy, feature-policy, permissions-policy, referrer-policy
    • exception The name of HTTP Header Security Policy Exception. type:string maxLength:63
    • referrer_policy_value The referrer policy options. Only available when 'secure_header_type' is 'referrer-policy'.type:string choice: no-referrer, no-referrer-when-downgrade, same-origin, origin, strict-origin, origin-when-cross-origin, strict-origin-when-cross-origin, unsafe-url
    • protection_mode Used to direct the browers to stop loading pages when reflected XSS attackes are detected. type:string choice: deny (when 'secure_header_type' is 'x-frame-options'), sameorigin (when 'secure_header_type' is 'x-frame-options'), allow-from (when 'secure_header_type' is 'x-frame-options'), nosniff (when 'secure_header_type' is 'x-content-type-options'), sanitizing-mode (when 'secure_header_type' is 'x-xss-protection'), block-mode (when 'secure_header_type' is 'x-xss-protection')
    • header_value Used to reduce XSS risk and data injection attacks on browers. type:string maxLength:2047
    • allow_from_source Allowed From URI. Only available when 'protection_mode' is 'allow-from'. type:string maxLength:255
    • mkey If present, objects will be filtered on property with this name type:string
    • vdom Specify the Virtual Domain(s) from which results are returned or changes are applied to. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: vdom=root (Single VDOM) vdom=vdom1,vdom2 (Multiple VDOMs) vdom=* (All VDOMs) type:array
    • clone_mkey Use *clone_mkey* to specify the ID for the new resource to be cloned. If *clone_mkey* is set, *mkey* must be provided which is cloned from. type:string

Examples

- name:
  hosts: all
  vars:
  connection: httpapi
  gather_facts: false
  tasks:
   - name: add a New Secure Header Rule
     fwebos_waf_http_header_security_policy_rule:
      action: add
      name: HP
      request_status: disable
      request_type: plain
      protection_mode: sanitizing-mode
      secure_header_type: x-xss-protection

   - name: edit a Secure Header Rule
     fwebos_waf_http_header_security_policy_rule:
      action: edit
      name: HP
      id: 1
      secure_header_type: x-frame-options
      protection_mode: allow-from
      allow_from_source: "http://www.google.com"
      exception: hse1

   - name: edit a Secure Header Rule
     fwebos_waf_http_header_security_policy_rule:
      action: edit
      name: HP
      id: 1
      secure_header_type: content-security-policy
      header_value: "http://www.amazon.ca"
      exception: hse1

   - name: edit a Secure Header Rule
     fwebos_waf_http_header_security_policy_rule:
      action: edit
      name: HP
      id: 1
      secure_header_type: referrer-policy
      referrer_policy_value: no-referrer
      exception: ""

   - name: get a Secure Header Rule
     fwebos_waf_http_header_security_policy_rule:
      action: get
      name: HP
      id: 1

   - name: delete a Secure Header Rule
     fwebos_waf_http_header_security_policy_rule:
      action: delete
      name: HP
      id: 1

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • 200 : OK: Request returns successful
  • 400 : Bad Request: Request cannot be processed by the API
  • 401 : Not Authorized: Request without successful login session
  • 403 : Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
  • 404 : Resource Not Found: Unable to find the specified resource.
  • 405 : Method Not Allowed: Specified HTTP method is not allowed for this resource.
  • 413 : Request Entity Too Large: Request cannot be processed due to large entity
  • 424 : Failed Dependency: Fail dependency can be duplicate resource, missing required parameter, missing required attribute, invalid attribute value
  • 429 : Access temporarily blocked: Maximum failed authentications reached. The offended source is temporarily blocked for certain amount of time.
  • 500 : Internal Server Error: Internal error when processing the request

For errorcode please check FortiWeb API errorcode at : https://documenter.getpostman.com/view/11233300/TVetbkaK#887b9eb4-7c13-4338-a8db-16cc117f0119

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Joseph Chen

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.