fadcos_waf_profile – Configuring a WAF Profile¶
New in version 1.3.0.
Parameters¶
- action - Type of action to perform on the object. type: str required: true
- name - Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. type: str required: true
- exception_name - Select a user-defined exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this rule.type: str required: false
- desc - A string to describe the purpose of the configuration, to help you and other administrators more easily identify its use.type: int required: false
- rule_match_record - Enable to allow the Security Log to display the part of the rule that is matched when the security event is logged. This is disabled by default. type: str required: false
- adaptive_learning - Select a predefined or user-defined Adaptive Learning configuration object.type: str required: true
- web_attack_signature - Select a predefined or user-defined Web Attack Signature configuration object.type: str required: false
- http_protocol_constraint - Select a predefined or user-defined HTTP Protocol Constraint configuration object.type: int required: false
- cookie_security - Select a user-defined Cookie Security configuration object. type: str required: false
- data_leak_prevention_name - Select a user-defined Data Leak Prevention configuration object.type: str required: true
- http_header_security_name - Select a user-defined HTTP Header Security configuration object.type: str required: false
- heuristic_sql_xss_injection_detection - Select a predefined or user-defined SQL/XSS Injection Detection configuration object.type: int required: false
- input_validation_policy_name - Select a user-defined Input Validation Policy configuration object. type: str required: false
- xml_validation_name - Select a predefined or user-defined XML Detection configuration object.type: str required: true(if VDOM is enabled)
- cors_protection - Select a user-defined CORS Protection configuration object.type: str required: true(if VDOM is enabled)
- brute_force_login_name - Select a user-defined Brute Force Attack Detection configuration object.type: str required: true(if VDOM is enabled)
- url_protection - Select a user-defined URL Protection configuration object.type: str required: true(if VDOM is enabled)
- credential_stuffing_defense - Select a user-defined Credential Stuffing Defense configuration object.type: str required: true(if VDOM is enabled)
- json_validation_name - Select a predefined or user-defined JSON Detection configuration object.type: str required: true(if VDOM is enabled)
- openapi_validation_name - Select a user-defined OpenAPI Detection configuration object.type: str required: true(if VDOM is enabled)
- api_gateway_policy_name - Select a user-defined API Gateway configuration object.type: str required: true(if VDOM is enabled)
- bot_detection_name - Select a user-defined Bot Detection configuration object.type: str required: true(if VDOM is enabled)
- threshold_based_detection - Select a predefined or user-defined Threshold Based Detection configuration object.type: str required: true(if VDOM is enabled)
- biometrics_based_detection - Select a user-defined Biometrics Based Detection configuration object.type: str required: true(if VDOM is enabled)
- fingerprint_based_detection - Select a user-defined Fingerprint Based Detection configuration object.type: str required: true(if VDOM is enabled)
- bot_detection_name - Select a user-defined Advanced Bot Protection configuration object.type: str required: true(if VDOM is enabled)
- advanced_protection_name - Select a user-defined Advanced Protection configuration object.type: str required: true(if VDOM is enabled)
- csrf_protection - Select a user-defined CSRF Protection configuration object.type: str required: true(if VDOM is enabled)
- vdom - VDOM name if enabled.type: str required: true(if VDOM is enabled)
Examples¶
- name:
hosts: all
vars:
connection: httpapi
gather_facts: false
tasks:
- name: Add WAF Profile
fadcos_waf_profile:
action: add
name: waf_tt1
- name: Get WAF Profile
fadcos_waf_profile:
action: get
name: waf_tt1
- name: Edit WAF Profile
fadcos_waf_profile:
action: edit
name: waf_tt1
adaptive_learning: Medium_Learning
cookie_security: CE1
- name: Delete WAF Profile
fadcos_waf_profile:
action: delete
name: waf_tt1
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- 200 - OK: Request returns successful.
- 400 - Bad Request: Request cannot be processed by the API.
- 401 - Not Authorized: Request without successful login session.
- 403 - Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
- 404 - Resource Not Found: Unable to find the specified resource.
- 405 - Method Not Allowed: Specified HTTP method is not allowed for this resource.
- 413 - Request Entity Too Large: Request cannot be processed due to large entity.
- 424 - Failed Dependency: Fail dependency can be duplicate resource, missing required parameter, missing required attribute, or invalid attribute value.
- 429 - Access temporarily blocked: Maximum failed authentications reached. The offended source is temporarily blocked for certain amount of time.
- 500 - Internal Server Error: Internal error when processing the request.
For errorcode please check FortiADC API errorcode at : https://fndn.fortinet.net/index.php?/fortiapi/981-fortiadc/