fwebos_waf_site_publish_rule.py – Config FortiWeb Published Site Policy

New in version 1.0.1.

Synopsis

Config FortiWeb Published Site Policy

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.11

FortiWeb Version Compatibility


v7.0.x v7.2.x v7.4.x v7.6.x
fwebos_waf_site_publish_rule.py yes yes yes yes

Parameters

  • body Possible parameters to go in the body for the request required: True
    • name A unique name that can be referenced in other parts of the configuration. type:string maxLength:63
    • published_site Name of Published Site. type:string maxLength:255
    • published_site_type Published Site Type. Simple string ('plain') or regular expression ('regular'). type:string choice: plain, regular
    • path Path of Published Site. type:string maxLength:2071
    • account_lockout Enable or disable Account Lockout. type:string choice: enable, disable
    • cookieless Enable or disable cookieless. type:string choice: enable, disable
    • max_login_failures Max Login Failures. Only available when 'account_lockout' is enabled. type:integer maximum:30 minimum:1
    • within The number of minutes allowing max login login failures. Only available when 'account_lockout' is enabled. type:integer maximum:30 minimum:1
    • account_block_period Account Block Period. Only available when 'account_lockout' is enabled. type:integer maximum:3600 minimum:1
    • limit_users Enable or disable Limit Concurrent Users Per Account. type:string choice: enable, disable
    • maximum_users Maximum Concurrent Users. Only available when 'limit_users' is enabled. type:integer maximum:128 minimum:1
    • session_idle_timeout Session Idle Timeout (Unit: minute). Only available when 'limit_users' is enabled. type:integer maximum:1440 minimum:1
    • credential_stuffing_online_query Enable or disable Credential Stuffing Defense. type:string choice: enable, disable
    • credential_stuffing_protection Enable or disable Credential Stuffing Online Check. type:string choice: enable, disable
    • match_type Select Match type. type:string choice: any, all
    • security_action Choose the action FortiWeb takes when a rule is violated. type:string choice: alert, deny_no_log, alert_deny, block-period, client-id-block-period,
    • block_period Block Period. Only available when 'security_action' is 'block-period'. type:integer maximum:30 minimum:1
    • security Select security level. type:string choice: Info, Low, Medium, High
    • trigger Select the trigger policy, if any, that FortiWeb carries out when it logs and/or sends an alert email about a violation. type:string maxLength:255
    • client_auth_method Client Authentication Method. Only available when 'cookieless' is enabled. type:string choice: html-form-auth, http-auth, client-cert-auth, saml-auth, oauth-auth, ntlm-auth
    • cookie_timeout Authentication Cookie Timeout. type:integer maximum:216000 minimum:1
    • redirect_url Redirect URL After Authentication (Optional). type:string maxLength:255
    • append_custom_header Append Custom Header. type:string choice: enable,
    • sso_support SSO Support. type:string choice: enable, disable
    • sso_domain SSO Domain. Only available when 'sso_support' is enabled. type:string maxLength:255
    • auth_server_pool Authentication Server Pool. Only available when 'client_auth_method' is 'html-form-auth'. type:string maxLength:255
    • auth_delegation Authentication Delegation. type:string choice: no-delegation, kerberos, ntlm, form-based-delegation, kerberos-constrained-delegation, radius-constrained-delegation
    • form_based_delegation Form based delegation. Only available when 'client_auth_method' is 'html-form-auth' and 'auth_delegation' is 'form-based-delegation'. type:string maxLength:255
    • ntlm_server NTLM Server. Only available when 'client_auth_method' is 'ntlm-auth'. type:string maxLength:255
    • alert_type Select Alert Type. type:string choice: fail (Failed Only), success (successful Only), none, all
    • mkey If present, objects will be filtered on property with this name type:string
    • vdom Specify the Virtual Domain(s) from which results are returned or changes are applied to. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: vdom=root (Single VDOM) vdom=vdom1,vdom2 (Multiple VDOMs) vdom=* (All VDOMs) type:array
    • clone_mkey Use *clone_mkey* to specify the ID for the new resource to be cloned. If *clone_mkey* is set, *mkey* must be provided which is cloned from. type:string

Examples

- name:
  hosts: all
  vars:
  connection: httpapi
  gather_facts: false
  tasks:
   - name: add a site_publish rule
     fwebos_waf_site_publish_rule:
       action: add
       name: spr_test
       published_site: testsite.com
       published_site_type: plain
       status: enable
       cookieless: disable
       cookieless_cache: 3600
       client_auth_method: html-form-auth
       auth_server_pool: asp1
       ntlm_server:
       auth_delegation: no-delegation
       form_based_delegation:
       sso_support: enable
       sso_domain: domin1
       prefix_support: enable
       prefix_domain: prefix1
       path: /path1/path2/*
       alert_type: fail
       logoff_path_type: plain
       Published_Server_Logoff_Path: /abc/efg
       redirect_url:
       cookie_timeout: 222
       csrf_enhancement: enable
       append_custom_header: enable
       pass_failed_auth: enable
       cache_tgs_ticket: enable

   - name: get a site_publish rule
     fwebos_waf_site_publish_rule:
       action: get
       name: spr_test


   - name: edit a site_publish rule
     fwebos_waf_site_publish_rule:
       action: edit
       name: spr_test
       published_site: testsite1.com
       published_site_type: plain
       status: enable
       client_auth_method: http-auth

   - name: delete a site_publish rule
     fwebos_waf_site_publish_rule:
       action: delete
       name: spr_test

   - name: delete a site_publish rule again
     fwebos_waf_site_publish_rule:
       action: delete
       name: spr_test

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • 200 : OK: Request returns successful
  • 400 : Bad Request: Request cannot be processed by the API
  • 401 : Not Authorized: Request without successful login session
  • 403 : Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
  • 404 : Resource Not Found: Unable to find the specified resource.
  • 405 : Method Not Allowed: Specified HTTP method is not allowed for this resource.
  • 413 : Request Entity Too Large: Request cannot be processed due to large entity
  • 424 : Failed Dependency: Fail dependency can be duplicate resource, missing required parameter, missing required attribute, invalid attribute value
  • 429 : Access temporarily blocked: Maximum failed authentications reached. The offended source is temporarily blocked for certain amount of time.
  • 500 : Internal Server Error: Internal error when processing the request

For errorcode please check FortiWeb API errorcode at : https://documenter.getpostman.com/view/11233300/TVetbkaK#887b9eb4-7c13-4338-a8db-16cc117f0119

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Joseph Chen

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.