fwebos_waf_dlp_rule.py – Config FortiWeb Data Loss Preventation Rule¶
New in version 1.0.1.
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.11
FortiWeb Version Compatibility¶
v7.0.x |
v7.2.x |
v7.4.x |
v7.6.x |
|
| fwebos_waf_dlp_policy.py | yes | yes | yes | yes |
Parameters¶
- body Possible parameters to go in the body for the request required: True
- name A unique name that can be referenced in other parts of the configuration. type:string maxLength:63
- security_action Select which action the FortiWeb appliance will take when it detects a violation of the rule. type:string choice: alert, alert_deny, block-period
- severity Select which severity level FortiWeb uses when it logs a CSRF attack. type:string choice: Info, Low, Medium, High
- host_status Enable to apply this rule only to HTTP requests for specific web hosts. Disable to match the rule based on the URL and any parameter filter only. type:string choice: enable, disable,
- host Enter the IP address or FQDN of the host to which the DLP rule will be applied. Only available if Host Status is enabled. type:string maxLength:255
- url_type Simple string or regular expression type:string choice: plain, regular
- url Expression to specify the URL. type:string maxLength:255
- direction simple string or regular expression type:string choice: request, response, both
- type What type of data FortiWeb will scan. type:string choice: http-payload, files
- email_attachments Enable Attachments in Email to restrict the file scan exclusively to attachments in emails. Available only when 'files' is selected in Type. type:string choice: enable, disable,
- owa_protocol OWA Protocol. If enabled, FortiWeb will scan attachments in Email sent and received via a web browser login. type:string choice: enable, disable,
- activesync_protocol ActiveSync Protocol. If enabled, FortiWeb will scan attachments in Email sent and received via a mobile phone login. type:string choice: enable, disable,
- mapi_protocol MAPI Protocol. If enabled, FortiWeb will scan attachments in Email sent and received via the Messaging Application Programming Interface (MAPI), a transport protocol implemented in Microsoft Exchange Server 2013 Service Pack 1 (SP1). type:string choice: enable, disable,
- block_period Enter the amount of time (in seconds) that you want to block subsequent requests from the same IP address after FortiWeb detects a DLP rule violation. This setting is available only when Data Loss Prevention is set to Period Block. The valid range is 1–3,600 type:string maxLength:63
- trigger Select the trigger policy, if any, that FortiWeb carries out when it logs and/or sends an alert email about a DLP rule violation. type:string maxLength:255
- sensor Select the DLP sensor. type:string maxLength:255
- mkey If present, objects will be filtered on property with this name type:string
- vdom Specify the Virtual Domain(s) from which results are returned or changes are applied to. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: vdom=root (Single VDOM) vdom=vdom1,vdom2 (Multiple VDOMs) vdom=* (All VDOMs) type:array
- clone_mkey Use *clone_mkey* to specify the ID for the new resource to be cloned. If *clone_mkey* is set, *mkey* must be provided which is cloned from. type:string
Examples¶
- name:
hosts: all
vars:
connection: httpapi
gather_facts: false
tasks:
- name: add a policy of http payload type
fwebos_waf_dlp_rule:
action: add
name: dlp3
security_action: block-period
severity: High
host_status: enable
url_type: plain
direction: request
type: http-payload
block_period: 500
host: myhost
url: /folder2/*
trigger: tp1
sensor: sensor1
- name: add a policy of file type
fwebos_waf_dlp_rule:
action: add
name: dlp4
security_action: alert
severity: Low
host_status: enable
direction: request
type: files
trigger: tp1
sensor: sensor1
email_attachments: enable
owa_protocol: enable
activesync_protocol: disable
mapi_protocol: disable
- name: get a policy of file type
fwebos_waf_dlp_rule:
action: get
name: dlp4
- name: edit a policy of file type
fwebos_waf_dlp_rule:
action: edit
name: dlp4
security_action: alert
severity: Info
activesync_protocol: enable
mapi_protocol: enable
- name: delete a policy
fwebos_waf_dlp_rule:
action: delete
name: dlp4
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- 200 : OK: Request returns successful
- 400 : Bad Request: Request cannot be processed by the API
- 401 : Not Authorized: Request without successful login session
- 403 : Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
- 404 : Resource Not Found: Unable to find the specified resource.
- 405 : Method Not Allowed: Specified HTTP method is not allowed for this resource.
- 413 : Request Entity Too Large: Request cannot be processed due to large entity
- 424 : Failed Dependency: Fail dependency can be duplicate resource, missing required parameter, missing required attribute, invalid attribute value
- 429 : Access temporarily blocked: Maximum failed authentications reached. The offended source is temporarily blocked for certain amount of time.
- 500 : Internal Server Error: Internal error when processing the request
For errorcode please check FortiWeb API errorcode at : https://documenter.getpostman.com/view/11233300/TVetbkaK#887b9eb4-7c13-4338-a8db-16cc117f0119