:source: fwebos_waf_syntax.py
:orphan:
.. fwebos_waf_syntax.py:
fwebos_waf_syntax.py -- Config FortiWeb Web Protection SQL/XSS Syntax Based Detection
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.. versionadded:: 1.0.1

.. contents::
   :local:
   :depth: 1

Synopsis
--------
Config FortiWeb Web Protection SQL/XSS Syntax Based Detection
Requirements
------------
The below requirements are needed on the host that executes this module.

- ansible>=2.11

FortiWeb Version Compatibility
------------------------------
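
+----------------------+--------+--------+--------+--------+
|                      | v7.0.x | v7.2.x | v7.4.x | v7.6.x |
+======================+========+========+========+========+
| fwebos_waf_syntax.py | yes    | yes    | yes    | yes    |
+----------------------+--------+--------+--------+--------+
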
Parameters
----------

- ``body``: Possible parameters to go in the body for the request. required: True

  - ``name``: name. type: string, maxLength: 63
  - ``detection-target-sql``: detection targets during SQL injection detection. type: string, choices: ``ARGS_NAMES``, ``ARGS_VALUE``, ``REQUEST_COOKIES``, ``REQUEST_USER_AGENT``, ``REQUEST_REFERER``, ``OTHER_REQUEST_HEADERS``
  - ``detection-target-xss``: detection targets during XSS injection detection. type: string, choices: ``ARGS_NAMES``, ``ARGS_VALUE``, ``REQUEST_COOKIES``, ``REQUEST_USER_AGENT``, ``REQUEST_REFERER``, ``OTHER_REQUEST_HEADERS``
  - ``sql-detection-template``: SQL injection detection template. type: string, choices: ``SINGLE_QUOTE``, ``DOUBLE_QUOTE``, ``AS_IS``
  - ``xss-html-tag-based-status``: status. type: string, choices: ``enable``, ``disable``
  - ``xss-html-tag-based-action``: action. type: string, choices: ``alert``, ``redirect``, ``deny_no_log``, ``alert_deny``, ``block-period``, ``send_http_response``, ``client-id-block-period``
  - ``xss-html-tag-based-block-period``: block period (1-3600). type: integer, minimum: 1, maximum: 3600
  - ``xss-html-tag-based-severity``: severity: High, Medium, Low or Informative. type: string, choices: ``High``, ``Medium``, ``Low``, ``Info``
  - ``xss-html-tag-based-threat-weight``: threat weight. type: string, choices: ``informational``, ``low``, ``moderate``, ``substantial``, ``severe``, ``critical``
  - ``xss-html-tag-based-trigger``: choose Email or syslog policy. type: string
  - ``xss-html-tag-based-check-level``: check level. type: string, choices: ``strict``, ``moderate``
  - ``xss-html-attribute-based-status``: status. type: string, choices: ``enable``, ``disable``
  - ``xss-html-attribute-based-action``: action. type: string, choices: ``alert``, ``redirect``, ``deny_no_log``, ``alert_deny``, ``block-period``, ``send_http_response``, ``client-id-block-period``
  - ``xss-html-attribute-based-block-period``: block period (1-3600). type: integer, minimum: 1, maximum: 3600
  - ``xss-html-attribute-based-severity``: severity: High, Medium, Low or Informative. type: string, choices: ``High``, ``Medium``, ``Low``, ``Info``
  - ``xss-html-attribute-based-threat-weight``: threat weight. type: string, choices: ``informational``, ``low``, ``moderate``, ``substantial``, ``severe``, ``critical``
  - ``xss-html-attribute-based-trigger``: choose Email or syslog policy. type: string
  - ``xss-html-css-based-status``: status. type: string, choices: ``enable``, ``disable``
  - ``xss-html-css-based-action``: action. type: string, choices: ``alert``, ``redirect``, ``deny_no_log``, ``alert_deny``, ``block-period``, ``send_http_response``, ``client-id-block-period``
  - ``xss-html-css-based-block-period``: block period (1-3600). type: integer, minimum: 1, maximum: 3600
  - ``xss-html-css-based-severity``: severity: High, Medium, Low or Informative. type: string, choices: ``High``, ``Medium``, ``Low``, ``Info``
  - ``xss-html-css-based-threat-weight``: threat weight. type: string, choices: ``informational``, ``low``, ``moderate``, ``substantial``, ``severe``, ``critical``
  - ``xss-html-css-based-trigger``: choose Email or syslog policy. type: string
  - ``xss-javascript-function-based-status``: status. type: string, choices: ``enable``, ``disable``
  - ``xss-javascript-function-based-action``: action. type: string, choices: ``alert``, ``redirect``, ``deny_no_log``, ``alert_deny``, ``block-period``, ``send_http_response``, ``client-id-block-period``
  - ``xss-javascript-function-based-block-period``: block period (1-3600). type: integer, minimum: 1, maximum: 3600
  - ``xss-javascript-function-based-severity``: severity: High, Medium, Low or Informative. type: string, choices: ``High``, ``Medium``, ``Low``, ``Info``
  - ``xss-javascript-function-based-threat-weight``: threat weight. type: string, choices: ``informational``, ``low``, ``moderate``, ``substantial``, ``severe``, ``critical``
  - ``xss-javascript-function-based-trigger``: choose Email or syslog policy. type: string
  - ``xss-javascript-variable-based-status``: status. type: string, choices: ``enable``, ``disable``
  - ``xss-javascript-variable-based-action``: action. type: string, choices: ``alert``, ``redirect``, ``deny_no_log``, ``alert_deny``, ``block-period``, ``send_http_response``, ``client-id-block-period``
  - ``xss-javascript-variable-based-block-period``: block period (1-3600). type: integer, minimum: 1, maximum: 3600
  - ``xss-javascript-variable-based-severity``: severity: High, Medium, Low or Informative. type: string, choices: ``High``, ``Medium``, ``Low``, ``Info``
  - ``xss-javascript-variable-based-threat-weight``: threat weight. type: string, choices: ``informational``, ``low``, ``moderate``, ``substantial``, ``severe``, ``critical``
  - ``xss-javascript-variable-based-trigger``: choose Email or syslog policy. type: string
  - ``sql-stacked-queries-status``: status. type: string, choices: ``enable``, ``disable``
  - ``sql-stacked-queries-action``: action. type: string, choices: ``alert``, ``redirect``, ``deny_no_log``, ``alert_deny``, ``block-period``, ``send_http_response``, ``client-id-block-period``
  - ``sql-stacked-queries-block-period``: block period (1-3600). type: integer, minimum: 1, maximum: 3600
  - ``sql-stacked-queries-severity``: severity: High, Medium, Low or Informative. type: string, choices: ``High``, ``Medium``, ``Low``, ``Info``
  - ``sql-stacked-queries-threat-weight``: threat weight. type: string, choices: ``informational``, ``low``, ``moderate``, ``substantial``, ``severe``, ``critical``
  - ``sql-stacked-queries-trigger``: choose Email or syslog policy. type: string
  - ``sql-embeded-queries-status``: status. type: string, choices: ``enable``, ``disable``
  - ``sql-embeded-queries-action``: action. type: string, choices: ``alert``, ``redirect``, ``deny_no_log``, ``alert_deny``, ``block-period``, ``send_http_response``, ``client-id-block-period``
  - ``sql-embeded-queries-block-period``: block period (1-3600). type: integer, minimum: 1, maximum: 3600
  - ``sql-embeded-queries-severity``: severity: High, Medium, Low or Informative. type: string, choices: ``High``, ``Medium``, ``Low``, ``Info``
  - ``sql-embeded-queries-threat-weight``: threat weight. type: string, choices: ``informational``, ``low``, ``moderate``, ``substantial``, ``severe``, ``critical``
  - ``sql-embeded-queries-trigger``: choose Email or syslog policy. type: string
  - ``sql-condition-based-status``: status. type: string, choices: ``enable``, ``disable``
  - ``sql-condition-based-action``: action. type: string, choices: ``alert``, ``redirect``, ``deny_no_log``, ``alert_deny``, ``block-period``, ``send_http_response``, ``client-id-block-period``
  - ``sql-condition-based-block-period``: block period (1-3600). type: integer, minimum: 1, maximum: 3600
  - ``sql-condition-based-severity``: severity: High, Medium, Low or Informative. type: string, choices: ``High``, ``Medium``, ``Low``, ``Info``
  - ``sql-condition-based-threat-weight``: threat weight. type: string, choices: ``informational``, ``low``, ``moderate``, ``substantial``, ``severe``, ``critical``
  - ``sql-condition-based-trigger``: choose Email or syslog policy. type: string
  - ``sql-arithmetic-operation-status``: status. type: string, choices: ``enable``, ``disable``
  - ``sql-arithmetic-operation-action``: action. type: string, choices: ``alert``, ``redirect``, ``deny_no_log``, ``alert_deny``, ``block-period``, ``send_http_response``, ``client-id-block-period``
  - ``sql-arithmetic-operation-block-period``: block period (1-3600). type: integer, minimum: 1, maximum: 3600
  - ``sql-arithmetic-operation-severity``: severity: High, Medium, Low or Informative. type: string, choices: ``High``, ``Medium``, ``Low``, ``Info``
  - ``sql-arithmetic-operation-threat-weight``: threat weight. type: string, choices: ``informational``, ``low``, ``moderate``, ``substantial``, ``severe``, ``critical``
  - ``sql-arithmetic-operation-trigger``: choose Email or syslog policy. type: string
  - ``sql-line-comments-status``: status. type: string, choices: ``enable``, ``disable``
  - ``sql-line-comments-action``: action. type: string, choices: ``alert``, ``redirect``, ``deny_no_log``, ``alert_deny``, ``block-period``, ``send_http_response``, ``client-id-block-period``
  - ``sql-line-comments-block-period``: block period (1-3600). type: integer, minimum: 1, maximum: 3600
  - ``sql-line-comments-severity``: severity: High, Medium, Low or Informative. type: string, choices: ``High``, ``Medium``, ``Low``, ``Info``
  - ``sql-line-comments-threat-weight``: threat weight. type: string, choices: ``informational``, ``low``, ``moderate``, ``substantial``, ``severe``, ``critical``
  - ``sql-line-comments-trigger``: choose Email or syslog policy. type: string
  - ``sql-function-based-status``: status. type: string, choices: ``enable``, ``disable``
  - ``sql-function-based-action``: action. type: string, choices: ``alert``, ``redirect``, ``deny_no_log``, ``alert_deny``, ``block-period``, ``send_http_response``, ``client-id-block-period``
  - ``sql-function-based-block-period``: block period (1-3600). type: integer, minimum: 1, maximum: 3600
  - ``sql-function-based-severity``: severity: High, Medium, Low or Informative. type: string, choices: ``High``, ``Medium``, ``Low``, ``Info``
  - ``sql-function-based-threat-weight``: threat weight. type: string, choices: ``informational``, ``low``, ``moderate``, ``substantial``, ``severe``, ``critical``
  - ``sql-function-based-trigger``: choose Email or syslog policy. type: string
  - ``exception-element-list``: list of exception elements. type: array

    - ``id``: id
    - ``match-target``: match targets
    - ``operator``: operator
    - ``ip``: IP range
    - ``value-name``: value name
    - ``value-check``: disable/enable
    - ``value``: value
    - ``concatenate-type``: concatenate relationship with the previous filter rule
    - ``attack-type``: attack type

- ``mkey``: If present, objects will be filtered on property with this name. type: string
- ``vdom``: Specify the Virtual Domain(s) from which results are returned or changes are applied to. If this parameter is not provided, the management VDOM will be used. If the admin does not have access to the VDOM, a permission error will be returned. The URL parameter is one of: ``vdom=root`` (Single VDOM), ``vdom=vdom1,vdom2`` (Multiple VDOMs), ``vdom=*`` (All VDOMs). type: array
- ``clone_mkey``: Use *clone_mkey* to specify the ID for the new resource to be cloned. If *clone_mkey* is set, *mkey* must be provided which is cloned from. type: string

Examples
--------
.. code-block:: yaml+jinja

   - name:
     hosts: all
     vars:
     connection: httpapi
     gather_facts: false
     tasks:
       # Remove an existing syntax based detection entry by name.
       - name: Delete SQL/XSS syntax based detection entry
         fwebos_waf_syntax:
           action: delete
           name: 123
       # Create an entry with every SQL and XSS category enabled and set to alert_deny.
       - name: Create SQL/XSS syntax based detection entry
         fwebos_waf_syntax:
           action: add
           sql_arithmetic_operation_block_period: 600
           sql_stacked_queries_threat_weight: severe
           sql_embeded_queries_block_period: 600
           sql_arithmetic_operation_status: enable
           sql_condition_based_severity: High
           xss_html_attribute_based_block_period: 600
           xss_html_tag_based_trigger: ""
           sql_condition_based_threat_weight_value: 4
           sql_function_based_severity: High
           xss_javascript_function_based_block_period: 600
           xss_html_attribute_based_threat_weight_value: 4
           xss_html_attribute_based_threat_weight: severe
           sql_embeded_queries_trigger: ""
           sql_line_comments_status: enable
           xss_javascript_variable_based_trigger:
           sql_line_comments_threat_weight_value: 4
           xss_html_tag_based_block_period: 600
           sql_arithmetic_operation_severity: High
           sql_embeded_queries_status: enable
           sql_condition_based_threat_weight: severe
           xss_html_attribute_based_severity: High
           sql_condition_based_status: enable
           sql_stacked_queries_trigger: ""
           xss_html_css_based_status: enable
           xss_javascript_variable_based_block_period: 600
           xss_html_attribute_based_action: alert_deny
           detection_target_sql: ARGS_NAMES ARGS_VALUE REQUEST_COOKIES
           sql_stacked_queries_threat_weight_value: 4
           sql_embeded_queries_threat_weight: severe
           sql_stacked_queries_status: enable
           sql_function_based_threat_weight: severe
           xss_javascript_variable_based_threat_weight: severe
           sz_exception_element_list: 0
           xss_html_tag_based_threat_weight: severe
           sql_stacked_queries_action: alert_deny
           xss_javascript_variable_based_threat_weight_value: 4
           sql_arithmetic_operation_action: alert_deny
           sql_condition_based_block_period: 600
           sql_function_based_status: enable
           sql_embeded_queries_severity: High
           sql_embeded_queries_action: alert_deny
           sql_arithmetic_operation_trigger:
           xss_html_tag_based_action: alert_deny
           xss_html_tag_based_status: enable
           sql_stacked_queries_severity: High
           sql_arithmetic_operation_threat_weight_value: 4
           sql_function_based_threat_weight_value: 4
           xss_html_css_based_trigger: ""
           xss_html_tag_based_severity: High
           xss_javascript_function_based_severity: High
           sql_function_based_trigger: ""
           sql_line_comments_trigger: ""
           xss_html_css_based_block_period: 600
           xss_javascript_variable_based_action: alert_deny
           xss_javascript_function_based_threat_weight_value: 4
           xss_javascript_function_based_status: enable
           detection_target_xss: ARGS_NAMES ARGS_VALUE REQUEST_COOKIES
           xss_javascript_function_based_threat_weight: severe
           sql_embeded_queries_threat_weight_value: 4
           xss_javascript_variable_based_status: enable
           xss_javascript_function_based_trigger:
           xss_html_css_based_threat_weight: severe
           sql_condition_based_action: alert_deny
           xss_javascript_variable_based_severity: High
           sql_stacked_queries_block_period: 600
           sql_line_comments_action: alert_deny
           xss_html_tag_based_check_level: strict
           name: test4
           xss_html_tag_based_threat_weight_value: 4
           sql_arithmetic_operation_threat_weight: severe
           xss_html_css_based_severity: High
           sql_function_based_block_period: 600
           xss_html_css_based_action: alert_deny
           sql_line_comments_threat_weight: severe
           sql_function_based_action: alert_deny
           xss_javascript_function_based_action: alert_deny
           sql_line_comments_block_period: 600
           sql_condition_based_trigger: ""
           xss_html_attribute_based_status: enable
           sql_line_comments_severity: High
           xss_html_css_based_threat_weight_value: 4
           xss_html_attribute_based_trigger: ""
           vdom: root
       # Update the same entry (name: test4) in place.
       - name: Edit SQL/XSS syntax based detection entry
         fwebos_waf_syntax:
           action: edit
           sql_arithmetic_operation_block_period: 600
           sql_stacked_queries_threat_weight: severe
           sql_embeded_queries_block_period: 600
           sql_arithmetic_operation_status: enable
           sql_condition_based_severity: High
           xss_html_attribute_based_block_period: 600
           xss_html_tag_based_trigger:
           sql_condition_based_threat_weight_value: 4
           sql_function_based_severity: High
           xss_javascript_function_based_block_period: 600
           xss_html_attribute_based_threat_weight_value: 4
           xss_html_attribute_based_threat_weight: severe
           sql_embeded_queries_trigger:
           sql_line_comments_status: enable
           xss_javascript_variable_based_trigger:
           sql_line_comments_threat_weight_value: 4
           xss_html_tag_based_block_period: 600
           sql_arithmetic_operation_severity: High
           sql_embeded_queries_status: enable
           sql_condition_based_threat_weight: severe
           xss_html_attribute_based_severity: High
           sql_condition_based_status: enable
           sql_stacked_queries_trigger:
           xss_html_css_based_status: enable
           xss_javascript_variable_based_block_period: 600
           xss_html_attribute_based_action: alert_deny
           detection_target_sql: ARGS_NAMES ARGS_VALUE REQUEST_COOKIES
           sql_stacked_queries_threat_weight_value: 4
           sql_embeded_queries_threat_weight: severe
           sql_stacked_queries_status: enable
           sql_function_based_threat_weight: severe
           xss_javascript_variable_based_threat_weight: severe
           sz_exception_element_list: 0
           xss_html_tag_based_threat_weight: severe
           sql_stacked_queries_action: alert_deny
           xss_javascript_variable_based_threat_weight_value: 4
           sql_arithmetic_operation_action: alert_deny
           sql_condition_based_block_period: 600
           sql_function_based_status: enable
           sql_embeded_queries_severity: High
           sql_embeded_queries_action: alert_deny
           sql_arithmetic_operation_trigger:
           xss_html_tag_based_action: alert_deny
           xss_html_tag_based_status: enable
           sql_stacked_queries_severity: High
           sql_arithmetic_operation_threat_weight_value: 4
           sql_function_based_threat_weight_value: 4
           xss_html_css_based_trigger:
           xss_html_tag_based_severity: High
           xss_javascript_function_based_severity: High
           sql_function_based_trigger:
           sql_line_comments_trigger:
           xss_html_css_based_block_period: 600
           xss_javascript_variable_based_action: alert_deny
           xss_javascript_function_based_threat_weight_value: 4
           xss_javascript_function_based_status: enable
           detection_target_xss: ARGS_NAMES ARGS_VALUE REQUEST_COOKIES
           xss_javascript_function_based_threat_weight: severe
           sql_embeded_queries_threat_weight_value: 4
           xss_javascript_variable_based_status: enable
           xss_javascript_function_based_trigger:
           xss_html_css_based_threat_weight: severe
           sql_condition_based_action: alert_deny
           xss_javascript_variable_based_severity: High
           sql_stacked_queries_block_period: 600
           sql_line_comments_action: alert_deny
           xss_html_tag_based_check_level: strict
           name: test4
           xss_html_tag_based_threat_weight_value: 4
           sql_arithmetic_operation_threat_weight: severe
           xss_html_css_based_severity: High
           sql_function_based_block_period: 600
           xss_html_css_based_action: alert_deny
           sql_line_comments_threat_weight: severe
           sql_function_based_action: alert_deny
           xss_javascript_function_based_action: alert_deny
           sql_line_comments_block_period: 600
           sql_condition_based_trigger:
           xss_html_attribute_based_status: enable
           sql_line_comments_severity: High
           xss_html_css_based_threat_weight_value: 4
           xss_html_attribute_based_trigger:
           vdom: root

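
A task like the ones above sets more than sixty values, so a mistyped choice or a category left in a non-blocking state is easy to miss. The following pre-flight check is an added example, not part of the module or of Fortinet's code: it validates a task's arguments against the choices and the 1-3600 block period range listed under Parameters, and flags categories that are explicitly disabled or set to ``alert``. The ``audit`` function, the ``SAMPLE`` arguments and the reading of ``alert`` as non-blocking are assumptions of this example.

```python
# Added example: audits one fwebos_waf_syntax task's arguments before a run.
# Keys use underscores, as in the playbook example on this page.
CATEGORIES = [
    "xss_html_tag_based", "xss_html_attribute_based", "xss_html_css_based",
    "xss_javascript_function_based", "xss_javascript_variable_based",
    "sql_stacked_queries", "sql_embeded_queries", "sql_condition_based",
    "sql_arithmetic_operation", "sql_line_comments", "sql_function_based",
]
CHOICES = {  # value sets copied from the Parameters section
    "status": {"enable", "disable"},
    "action": {"alert", "redirect", "deny_no_log", "alert_deny", "block-period",
               "send_http_response", "client-id-block-period"},
    "severity": {"High", "Medium", "Low", "Info"},
    "threat_weight": {"informational", "low", "moderate", "substantial",
                      "severe", "critical"},
}
TARGETS = {"ARGS_NAMES", "ARGS_VALUE", "REQUEST_COOKIES", "REQUEST_USER_AGENT",
           "REQUEST_REFERER", "OTHER_REQUEST_HEADERS"}


def audit(args):
    """Return (errors, warnings) for one task's argument dict."""
    errors, warnings = [], []
    for cat in CATEGORIES:
        for field, allowed in CHOICES.items():
            key = f"{cat}_{field}"
            if args.get(key) is not None and str(args[key]) not in allowed:
                errors.append(f"{key}: {args[key]!r} is not a documented choice")
        period = args.get(f"{cat}_block_period")
        if period is not None and not (isinstance(period, int) and 1 <= period <= 3600):
            errors.append(f"{cat}_block_period: {period!r} is outside 1-3600")
        # Only explicit settings are flagged; device defaults are not assumed.
        if args.get(f"{cat}_status") == "disable":
            warnings.append(f"{cat}: detection is disabled")
        elif args.get(f"{cat}_action") == "alert":
            # Assumption of this example: 'alert' reports but does not block.
            warnings.append(f"{cat}: action 'alert' does not block the request")
    for key in ("detection_target_sql", "detection_target_xss"):
        # Targets are space separated, as in the playbook example.
        for target in str(args.get(key) or "").split():
            if target not in TARGETS:
                errors.append(f"{key}: {target!r} is not a documented target")
    return errors, warnings


# Constructed sample arguments (not taken from a real deployment).
SAMPLE = {
    "name": "test4",
    "detection_target_sql": "ARGS_NAMES ARGS_VALUE REQUEST_COOKIE",  # misspelled
    "sql_stacked_queries_status": "enable",
    "sql_stacked_queries_action": "alert_deny",
    "sql_stacked_queries_block_period": 7200,  # above the 3600 maximum
    "sql_line_comments_status": "enable",
    "sql_line_comments_action": "alert",
    "xss_html_tag_based_status": "disable",
}
```

Feed ``audit`` the dictionary found under ``fwebos_waf_syntax:`` in each task and fail the pipeline when the first list it returns is not empty.
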
Return Values
-------------
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values; the following are the fields unique to this module:

- 200 : OK: Request returns successful
- 400 : Bad Request: Request cannot be processed by the API
- 401 : Not Authorized: Request without successful login session
- 403 : Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
- 404 : Resource Not Found: Unable to find the specified resource.
- 405 : Method Not Allowed: Specified HTTP method is not allowed for this resource.
- 413 : Request Entity Too Large: Request cannot be processed due to large entity
- 424 : Failed Dependency: A failed dependency can be a duplicate resource, a missing required parameter, a missing required attribute, or an invalid attribute value
- 429 : Access temporarily blocked: Maximum failed authentications reached. The offending source is temporarily blocked for a certain amount of time.
- 500 : Internal Server Error: Internal error when processing the request

For error codes, please check the FortiWeb API error codes at: https://documenter.getpostman.com/view/11233300/TVetbkaK#887b9eb4-7c13-4338-a8db-16cc117f0119

Status
------
- This module is not guaranteed to have a backwards compatible interface.
Authors
-------
- Jie Li
- Brad Zhang

.. hint::
   If you notice any issues in this documentation, you can create a pull request to improve it.