fadcos_waf_cors_protection_rule_list – Configuring a Rule object of a CORS Protection Policy

New in version 1.3.0.

Synopsis

  • Configuring a Rule object of a CORS Protection Policy

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.8

FortiADC Version Compatibility


                                      v7.1.4  v7.2.2  v7.4.0
fadcos_waf_cors_protection_rule_list  yes     yes     yes

Parameters

  • action - Type of action to perform on the object. type: str required: true
  • name - Specify the name of the rule. type: str required: true
  • host_status - Enable/disable to allow this rule to protect a specific domain name or IP address. type: str required: false
  • host - Specify the host name. type: str required: false
  • id - Specify the ID of the rule in the protection rule list. type: int required: false
  • allowed_headers - Enable/disable to allow FortiADC to use the CORS Headers List to verify whether the headers used in the CORS requests are legitimate. type: str required: false
  • allowed_headers_list - Specify the name of the CORS Headers List to allow. type: str required: false
  • allowed_methods - Enable/disable to allow FortiADC to use the Methods specified to verify whether the methods used in the CORS requests are legitimate. type: str required: false
  • allowed_origin - Specify the name of the Allowed Origin. type: str required: false
  • apply_to_all_cors_traffic - Enable/disable to apply the CORS Protection Rule to all CORS traffic. type: str required: false
  • exposed_headers - Enable/disable to allow FortiADC to expose the specified headers in the CORS Headers List in JavaScript and share with foreign applications. type: str required: false
  • exposed_headers_list - Specify the name of the CORS Headers List to expose. type: str required: false
  • insert_allowed_credentials - Enable/disable to control whether the CORS requests from foreign applications can include user credentials. type: str required: false
  • allowed_credentials - Specify the Allow Credentials value to be inserted. type: str required: false
  • insert_max_age - Enable/disable to specify a maximum time period before the result of the preflight request expires. type: str required: false
  • allowed_max_age - Specify the maximum time period in seconds. type: str required: false
  • methods - Specify the methods. type: str required: false
  • request_url - Specify the request URL as a regular expression. type: str required: false
  • vdom - VDOM name if enabled. type: str required: true (if VDOM is enabled)

Examples

- name:
  hosts: all
  vars:
  connection: httpapi
  gather_facts: false
  tasks:
    - name: Add WAF cors_protection_rule_list entry
      fadcos_waf_cors_protection_rule_list:
        action: add
        name: test_cp
        allowed_credentials: false
        allowed_headers: enable
        allowed_headers_list: cor1
        allowed_max_age: 0
        allowed_methods: enable
        allowed_origin: awo
        apply_to_all_cors_traffic: disable
        exposed_headers: enable
        exposed_headers_list: cor1
        host: jjjjj
        host_status: enable
        insert_allowed_credentials: enable
        insert_max_age: enable
        methods: GET HEAD TRACE CONNECT
        request_url: /test/jjjjj

    - name: edit WAF cors_protection_rule_list entry
      fadcos_waf_cors_protection_rule_list:
        action: edit
        name: test_cp
        id: 3
        allowed_credentials: false
        host: zzzz
        request_url: /test/zzzzz

    - name: get WAF cors_protection_rule_list entry
      fadcos_waf_cors_protection_rule_list:
        action: get
        name: test_cp
        id: 3

    - name: delete WAF cors_protection_rule_list entry
      fadcos_waf_cors_protection_rule_list:
        action: delete
        name: test_cp
        id: 1

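A pre-deployment check for the rule parameters documented above, as an added example (not part of the module or the original page). It audits a task's arguments as a Python dict; the parameter names and enable/disable values are taken from this page, while the value "true" for allowed_credentials and the BROAD_RULE sample are assumptions constructed for illustration.

```python
# Added example: lint for fadcos_waf_cors_protection_rule_list task arguments.
# Parameter names and enable/disable values come from this page; the string
# "true" for allowed_credentials is an assumption (the page only shows false).
FORBIDDEN_METHODS = {"TRACE", "CONNECT", "TRACK"}  # browsers refuse these in fetch/XHR

def enabled(args, key):
    return str(args.get(key, "")).strip().lower() == "enable"

def audit_cors_rule(args):
    """Return a list of findings for one rule's task arguments (a dict)."""
    findings = []
    # An enabled switch is only useful when the setting it depends on is present.
    for switch, dep in (("allowed_headers", "allowed_headers_list"),
                        ("exposed_headers", "exposed_headers_list"),
                        ("allowed_methods", "methods")):
        if enabled(args, switch) and not args.get(dep):
            findings.append(f"{switch} is enabled but {dep} is not set")
    for switch in ("allowed_headers", "allowed_methods"):
        if not enabled(args, switch):
            findings.append(f"{switch} is not enabled: CORS requests are not verified against it")
    listed = set(str(args.get("methods", "")).upper().split())
    for m in sorted(listed & FORBIDDEN_METHODS):
        findings.append(f"methods lists {m}, which browsers never send in CORS requests")
    creds = (enabled(args, "insert_allowed_credentials")
             and str(args.get("allowed_credentials", "")).lower() == "true")
    if creds and enabled(args, "apply_to_all_cors_traffic"):
        findings.append("credentials are allowed while the rule applies to all CORS traffic")
    if enabled(args, "host_status") and not args.get("host"):
        findings.append("host_status is enabled but host is not set")
    return findings

# Arguments of the "add" task from this page's Examples section.
PAGE_RULE = {
    "name": "test_cp", "allowed_credentials": False, "allowed_headers": "enable",
    "allowed_headers_list": "cor1", "allowed_max_age": 0, "allowed_methods": "enable",
    "allowed_origin": "awo", "apply_to_all_cors_traffic": "disable",
    "exposed_headers": "enable", "exposed_headers_list": "cor1", "host": "jjjjj",
    "host_status": "enable", "insert_allowed_credentials": "enable",
    "insert_max_age": "enable", "methods": "GET HEAD TRACE CONNECT",
    "request_url": "/test/jjjjj",
}
# Constructed sample: a broad, credentialed rule with header verification off.
BROAD_RULE = {
    "name": "broad", "allowed_headers": "disable", "allowed_methods": "enable",
    "allowed_origin": "awo", "apply_to_all_cors_traffic": "enable",
    "insert_allowed_credentials": "enable", "allowed_credentials": "true",
}

if __name__ == "__main__":
    for rule in (PAGE_RULE, BROAD_RULE):
        print(rule["name"], audit_cors_rule(rule))
```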

Return Values

Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

  • 200 - OK: Request returned successfully.
  • 400 - Bad Request: Request cannot be processed by the API.
  • 401 - Not Authorized: Request without successful login session.
  • 403 - Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
  • 404 - Resource Not Found: Unable to find the specified resource.
  • 405 - Method Not Allowed: Specified HTTP method is not allowed for this resource.
  • 413 - Request Entity Too Large: Request cannot be processed due to large entity.
  • 424 - Failed Dependency: The failed dependency can be a duplicate resource, a missing required parameter, a missing required attribute, or an invalid attribute value.
  • 429 - Access temporarily blocked: Maximum failed authentications reached. The offending source is temporarily blocked for a certain amount of time.
  • 500 - Internal Server Error: Internal error when processing the request.

For error codes, see the FortiADC API error code reference at: https://fndn.fortinet.net/index.php?/fortiapi/981-fortiadc/

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Joseph Chen

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.