:source: fadcos_waf_cookie_security.py :orphan: .. fadcos_waf_cookie_security: fadcos_waf_cookie_security -- Configure a Cookie Security policy ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ .. versionadded:: 1.3.0 .. contents:: :local: :depth: 1 Synopsis -------- - Configure a Cookie Security policy Requirements ------------ The below requirements are needed on the host that executes this module. - ansible>=2.8 FortiADC Version Compatibility ------------------------------ .. raw:: html

	`v7.1.4`	`v7.2.2`	`v7.4.0`
fadcos_waf_cookie_security	yes	yes	yes

Parameters ---------- .. raw:: html

action - Type of action to perform on the object. type: str required: true
name - Specify the name of the type: str required: true
max_age - Specify the maximum age (in minutes) if the response from the backend server does not already have a "Max-Age" attribute, or does not have an "Expires" attribute. type: str required: false
samesite - Add SameSite attribute to prevent the browser from sending cookies along with cross-site requests, to mitigate the risk of cross-origin information leakage.type: str required: false
allow_suspicious_cookies - Select whether or not FortiADC will allow requests that contain unrecognizable cookies or if there are missing cookies.type: str required: false
cookie_replay - Disable or enable to allow FortiADC to use the IP address of a request to determine the owner of the cookie.type: str required: false
enc_cookie_type - Specify how cookies are encrypted.type: str required: false
dont_blk_until - Specify the date to begin blocking suspicious cookies.type: str required: false
exception - Specify exceptions identifing specific patterns that are not subject to processing by WAF rules.type: str required: false
http_only - Enable to add "HTTPOnly" flag to cookies.type: str required: false
rm_cookie - Enable so FortiADC will accept the request, but will also remove the cookie before sending it to backend web server.type: str required: false
sec_mode - Specify a security mode ("no", "signed", or "encrypted").type: str required: false
security_action - Select the action to apply.type: str required: false
secure - Enable to add the secure flag to cookies.type: str required: false
severity - Select which severity level FortiADC uses when using Cookie Security.type: str required: false
vdom - VDOM name if enabled.type: str required: true(if VDOM is enabled)

Examples -------- .. code-block:: yaml+jinja - name: hosts: all vars: connection: httpapi gather_facts: false tasks: - name: Add cookie_security fadcos_waf_cookie_security: action: add name: ck1 - name: Add cookie_security again fadcos_waf_cookie_security: action: add name: ck1 - name: edit acookie_security fadcos_waf_cookie_security: action: edit name: ck1 max_age: 250 samesite: lax - name: get acookie_security fadcos_waf_cookie_security: action: get name: ck1 - name: delete cookie security fadcos_waf_cookie_security: action: delete name: ck1 Return Values ------------- Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module: .. raw:: html

200 - OK: Request returns successful.
400 - Bad Request: Request cannot be processed by the API.
401 - Not Authorized: Request without successful login session.
403 - Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
404 - Resource Not Found: Unable to find the specified resource.
405 - Method Not Allowed: Specified HTTP method is not allowed for this resource.
413 - Request Entity Too Large: Request cannot be processed due to large entity.
424 - Failed Dependency: Fail dependency can be duplicate resource, missing required parameter, missing required attribute, or invalid attribute value.
429 - Access temporarily blocked: Maximum failed authentications reached. The offended source is temporarily blocked for certain amount of time.
500 - Internal Server Error: Internal error when processing the request.

For errorcode please check FortiADC API errorcode at : https://fndn.fortinet.net/index.php?/fortiapi/981-fortiadc/ Status ------ - This module is not guaranteed to have a backwards compatible interface. Authors ------- - Joseph Chen .. hint:: If you notice any issues in this documentation, you can create a pull request to improve it.