fwebos_waf_url_rewriting_rule.py – Configure FortiWeb URL Rewriting Rules

New in version 1.0.1.

Synopsis

Configure FortiWeb URL Rewriting Rules

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.11

FortiWeb Version Compatibility


                                    v7.0.x  v7.2.x  v7.4.x  v7.6.x
fwebos_waf_url_rewriting_rule.py    yes     yes     yes     yes

Parameters

  • body Possible parameters to go in the body for the request required: True
    • name The name of URL Rewriting Rule. type:string maxLength:63
    • action_type Action Type. type:string choice: redirect, 403-forbidden, http-header-rewrite, http-response-body-rewrite, http-response-header-rewrite, redirect-301, http-request-body-rewrite
    • status_code_status Status of Replacement Status Code. type:string choice: enable, disable
    • status_code Number of Replacement Status Code. type:integer maximum:599 minimum:100
    • location_status Status of Replacement String. type:string choice: enable, disable
    • location_replace Value of Replacement String. type:string maxLength:1023
    • body_replace The string that will replace content in the body of HTTP responses. type:string maxLength:255
    • response_replace_existing_headers Only available when 'action_type' is 'http-response-header-rewrite'. Enable or Disable Replace Existing Headers which overwrites the value of the existing header with your specified header value. On the other hand, if this option is disabled, the system will insert the header directly without checking if there is an existing header with the same header name. type:string choice: enable, disable
    • response_insert_list Only available when 'action_type' is 'http-response-header-rewrite'. The existing header to be replaced and the specified header value to be placed. type:list
    • request_replace_existing_headers Only available when 'action_type' is 'http-header-rewrite'. Enable or Disable Replace Existing Headers which overwrites the value of the existing header with your specified header value. On the other hand, if this option is disabled, the system will insert the header directly without checking if there is an existing header with the same header name. type:string choice: enable, disable
    • insert_list Only available when 'action_type' is 'http-header-rewrite'. The existing header to be replaced and the specified header value to be placed. Applies only when request_replace_existing_headers is enabled. type:list
    • response_remove_duplicate_headers Only available when 'action_type' is 'http-response-header-rewrite'. Enabling this option will remove all multiple items that match your specified header name. However, if this option is disabled, only the first matching item will be removed. type:string choice: enable, disable
    • response_removal_list Only available when 'action_type' is 'http-response-header-rewrite'. The name of the header field that you want to remove. Up to 10 header names can be added in the list. type:list
    • request_remove_duplicate_headers Only available when 'action_type' is 'http-header-rewrite'. Enabling this option will remove all multiple items that match your specified header name. However, if this option is disabled, only the first matching item will be removed. type:string choice: enable, disable
    • removal_list Only available when 'action_type' is 'http-header-rewrite'. The name of the header field that you want to remove. Up to 10 header names can be added in the list. type:list
    • request_replace_existing_cookies Only available when 'action_type' is 'http-header-rewrite'. If there is already a cookie with the same name existing in the request, enabling this option will overwrite the value of the existing cookie with your specified cookie value. type:string choice: enable, disable
    • cookie_insert_list Only available when 'action_type' is 'http-header-rewrite'. The list containing the name of the cookie that you want to insert into a request, and the value of the cookie that you want to insert. type:list
    • request_remove_duplicate_cookies Only available when 'action_type' is 'http-header-rewrite'. If the system finds multiple items that match your specified cookie name, enabling this option will remove all of them. However, if this option is disabled, only the first matching item will be removed. type:string choice: enable, disable
    • cookie_removal_list Only available when 'action_type' is 'http-header-rewrite'. The list containing the name of the cookie that you want to remove. Up to 10 header names can be added in the list. type:list
    • mkey If present, objects will be filtered on property with this name type:string
    • vdom Specify the Virtual Domain(s) from which results are returned or to which changes are applied. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: vdom=root (Single VDOM); vdom=vdom1,vdom2 (Multiple VDOMs); vdom=* (All VDOMs). type:array
    • clone_mkey Use *clone_mkey* to specify the ID for the new resource to be cloned. If *clone_mkey* is set, *mkey* must also be provided as the resource to clone from. type:string

Examples

- name:
  hosts: all
  vars:
  connection: httpapi
  gather_facts: false
  tasks:
   - name: add a URL rewriting policy
     fwebos_waf_url_rewriting_rule:
       action: add
       name: test1
       action_type: http-response-header-rewrite
       host_status: disable
       url_status: disable
       referer_status: disable
       location_replace:
       location_status: disable
       http_method_status: disable
       http_method: get
       status_code_status: disable
       status_code: 404
       request_replace_existing_headers: disable
       response_replace_existing_headers: disable
       request_remove_duplicate_headers: enable
       response_remove_duplicate_headers: enable
       request_remove_duplicate_cookies: disable
       request_replace_existing_cookies: disable
       response_removal_list:
        - { "response-removal-header-name": "to-remove5"}
        - { "response-removal-header-name": "to-remove4"}
       response_insert_list:
        - { "response-header-name": "to-insert", "response-header-value": "inserted" }
       flag_operation: 0

   - name: get a URL rewriting policy
     fwebos_waf_url_rewriting_rule:
       action: get
       name: test1

   - name: add a URL rewriting policy
     fwebos_waf_url_rewriting_rule:
       action: add
       name: test2
       action_type: http-header-rewrite
       host_status: enable
       host_use_pserver: enable
       host: FORTIWEB_PSERVER
       url_status: enable
       url: www.url1.com
       referer_status: enable
       referer_use_pserver: enable
       referer: http://FORTIWEB_PSERVER/
       location_replace:
       location_status: disable
       http_method_status: enable
       http_method: get
       status_code_status: enable
       status_code: 404
       request_replace_existing_headers: enable
       response_replace_existing_headers: disable
       request_remove_duplicate_headers: enable
       response_remove_duplicate_headers: enable
       request_remove_duplicate_cookies: enable
       request_replace_existing_cookies: enable


   - name: edit a URL rewriting policy
     fwebos_waf_url_rewriting_rule:
       action: edit
       name: test1
       action_type: http-response-header-rewrite
       request_remove_duplicate_headers: enable
       response_remove_duplicate_headers: enable
       response_removal_list:
        - { "response-removal-header-name": "r1"}
        - { "response-removal-header-name": "r2"}
        - { "response-removal-header-name": "r3"}
        - { "response-removal-header-name": "r4"}
       response_insert_list:
        - { "response-header-name": "i1", "response-header-value": "iv1" }
        - { "response-header-name": "i2", "response-header-value": "iv2" }
        - { "response-header-name": "i3", "response-header-value": "iv3" }

   - name: edit a URL rewriting policy
     fwebos_waf_url_rewriting_rule:
       action: edit
       name: test2
       action_type: http-request-body-rewrite
       body_replace: replacement301

   - name: delete a URL rewriting policy
     fwebos_waf_url_rewriting_rule:
       action: delete
       name: test1
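
A header-hardening rule built from the parameters above, as an added example that is not part of the module's own documentation. The rule name, the header names and the header values are assumptions chosen for illustration; the match-condition and request_* fields are carried over from the first add example on this page.

```yaml
# Added example, not from the module's documentation.
# Assumed values: rule name, header names, header values.
- name: Harden response headers with a URL rewriting rule
  hosts: all
  connection: httpapi
  gather_facts: false
  tasks:
    - name: Strip server-identifying headers and set security headers
      fwebos_waf_url_rewriting_rule:
        action: add
        name: harden-response-headers        # maxLength 63
        action_type: http-response-header-rewrite
        # Fields below are carried over from the page's first add example.
        host_status: disable
        url_status: disable
        referer_status: disable
        location_replace:
        location_status: disable
        http_method_status: disable
        http_method: get
        status_code_status: disable
        status_code: 404
        request_replace_existing_headers: disable
        request_remove_duplicate_headers: disable
        request_remove_duplicate_cookies: disable
        request_replace_existing_cookies: disable
        # enable: every header matching a listed name is removed.
        # disable would remove only the first match and let a second copy through.
        response_remove_duplicate_headers: enable
        response_removal_list:               # up to 10 header names
          - { "response-removal-header-name": "Server" }
          - { "response-removal-header-name": "X-Powered-By" }
        # enable: a header already set by the back end is overwritten.
        # disable would insert without checking, so the client could receive
        # two headers with the same name and different values.
        response_replace_existing_headers: enable
        response_insert_list:
          - { "response-header-name": "Strict-Transport-Security", "response-header-value": "max-age=31536000; includeSubDomains" }
          - { "response-header-name": "X-Content-Type-Options", "response-header-value": "nosniff" }

    - name: Read the rule back to confirm what was stored
      fwebos_waf_url_rewriting_rule:
        action: get
        name: harden-response-headers
      register: rule_state
```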

Return Values

Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

  • 200 : OK: Request returned successfully
  • 400 : Bad Request: Request cannot be processed by the API
  • 401 : Not Authorized: Request without successful login session
  • 403 : Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
  • 404 : Resource Not Found: Unable to find the specified resource.
  • 405 : Method Not Allowed: Specified HTTP method is not allowed for this resource.
  • 413 : Request Entity Too Large: Request cannot be processed due to large entity
  • 424 : Failed Dependency: The failed dependency can be a duplicate resource, a missing required parameter, a missing required attribute, or an invalid attribute value
  • 429 : Access temporarily blocked: Maximum failed authentications reached. The offending source is temporarily blocked for a certain amount of time.
  • 500 : Internal Server Error: Internal error when processing the request

For error codes, see the FortiWeb API error code reference at: https://documenter.getpostman.com/view/11233300/TVetbkaK#887b9eb4-7c13-4338-a8db-16cc117f0119

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Jie Li
  • Brad Zhang

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.