:source: fadcos_waf_xml_validation_detection.py
:orphan:
.. fadcos_waf_xml_validation_detection:
fadcos_waf_xml_validation_detection -- Configuring XML Detection
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.. versionadded:: 1.3.0
.. contents::
   :local:
   :depth: 1
Synopsis
--------
- Configuring XML Detection
Requirements
------------
The following requirements are needed on the host that executes this module.
- ansible>=2.8
FortiADC Version Compatibility
------------------------------
.. list-table::
   :header-rows: 1

   * -
     - v7.1.4
     - v7.2.2
     - v7.4.0
   * - fadcos_waf_xml_validation_detection
     - yes
     - yes
     - yes
Parameters
----------
- action - Type of action to perform on the object. type: str required: true
- name - Enter the name of the XML Detection profile. You will use the name to select the XML Detection profile in WAF profiles. No spaces. type: str required: true
- xml_format_checks - Enter the name of the XML Detection profile. You will use the name to select the XML Detection profile in WAF profiles. No spaces. type: str required: true
- soap_format_checks - Enable or disable SOAP Format Check. type: str required: false
- soap_wsdl_checks - Enable or disable WSDL Check. type: int required: false
- xml_schema_checks - Enable or disable XML Schema Check. type: str required: false
- xml_schema_id - Select the XML schema file that you want to use to check whether XML content is valid. type: str required: true
- soap_wsdl_id - Select a WSDL file from the list menu, which lists all WSDL files uploaded on the WSDL page. type: str required: true
- xml_limit_checks - Enable to enforce parsing limits to protect web servers from DoS attacks, including XML bombs and transform injections. type: str required: false
- limit_max_attr - Limits the maximum number of attributes each individual element is allowed to have. Available only when XML Limit Checks is enabled. type: int required: false
- limit_max_attr_name_len - Limits the maximum length of each attribute name. The default value is 128. The valid range is 1–2048. Available only when XML Limit Checks is enabled. type: str required: false
- limit_max_attr_value_len - Limits the maximum length of each attribute value. The default value is 128. The valid range is 1–2048. Available only when XML Limit Checks is enabled. type: str required: true
- limit_max_cdata_len - Limits the length of the CDATA section for each element. The default value is 65535. The valid range is 1–65535. Available only when XML Limit Checks is enabled. type: str required: true
- limit_max_elem_child - Limits the maximum number of children each element is allowed, and includes other elements and character information. The default value is 65535. The valid range is 1–65535. Available only when XML Limit Checks is enabled. type: str required: false
- limit_max_elem_depth - Limits the maximum number of nested levels in each element. The default value is 256. The valid range is 1–65535. Available only when XML Limit Checks is enabled. type: int required: false
- limit_max_elem_name_len - Limits the maximum length of the name of each element. The default value is 128. The valid range is 1–65535. Available only when XML Limit Checks is enabled. type: str required: false
- limit_max_namespace - Limits the number of namespace declarations in the XML document. The default value is 16. The valid range is 0–256. Available only when XML Limit Checks is enabled. type: str required: true
- limit_max_namespace_uri_len - Limits the URI length for each namespace declaration. The default value is 256. The valid range is 0–1024. Available only when XML Limit Checks is enabled. type: str required: true
- xml_xss_checks - Enable to examine the bodies of incoming XML requests that might indicate possible cross-site scripting attacks. type: str required: true
- xml_sql_injection_checks - Enable to examine bodies of incoming requests for inappropriate SQL characters and keywords that might indicate an SQL injection attack. type: str required: true
- severity - Set the severity level in WAF logs of potential attacks detected by the XML Detection profile. type: str required: true
- security_action - Select the action profile that you want to apply. type: str required: true
- exception_id - Optional. Select the exception profile that you want to apply to the XML Detection profile. type: str required: true
- vdom - VDOM name if enabled. type: str required: true (if VDOM is enabled)
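
To see what the XML Limit Checks parameters measure, the following added example (not FortiADC's implementation and not part of this module) applies eight of the documented limits to a document using Python's standard-library parser. The function and constant names are hypothetical, and the depth and child-counting conventions are assumptions noted in the comments.

```python
import io
import xml.etree.ElementTree as ET

# Defaults quoted from the parameter list above. limit_max_attr has no
# documented default; 256 is the value used in the example playbook.
LIMITS = {
    "limit_max_attr": 256,
    "limit_max_attr_name_len": 128,
    "limit_max_attr_value_len": 128,
    "limit_max_elem_child": 65535,
    "limit_max_elem_depth": 256,
    "limit_max_elem_name_len": 128,
    "limit_max_namespace": 16,
    "limit_max_namespace_uri_len": 256,
}

def local(name):
    """Drop ElementTree's '{uri}' prefix so only the local name is measured."""
    return name.rsplit("}", 1)[-1]

def check_limits(xml_bytes, limits=LIMITS):
    """Return the sorted names of every limit the document exceeds."""
    hit, depth, ns_count = set(), 0, 0

    def over(key, value):
        if value > limits[key]:
            hit.add(key)

    # Assumption: the root element counts as depth 1, and only child
    # elements (not text nodes) count toward limit_max_elem_child.
    stream = io.BytesIO(xml_bytes)
    for event, item in ET.iterparse(stream, events=("start", "end", "start-ns")):
        if event == "start-ns":  # item is a (prefix, uri) tuple
            ns_count += 1
            over("limit_max_namespace", ns_count)
            over("limit_max_namespace_uri_len", len(item[1]))
        elif event == "start":
            depth += 1
            over("limit_max_elem_depth", depth)
            over("limit_max_elem_name_len", len(local(item.tag)))
            over("limit_max_attr", len(item.attrib))
            for name, value in item.attrib.items():
                over("limit_max_attr_name_len", len(local(name)))
                over("limit_max_attr_value_len", len(value))
        else:  # "end": all children of this element have been seen
            depth -= 1
            over("limit_max_elem_child", len(item))
    return sorted(hit)

# Constructed samples: a small well-formed request and a 300-level nest.
SAMPLE_OK = b'<order xmlns="urn:example:shop" id="42"><item sku="A1">pen</item></order>'
SAMPLE_DEEP = b"<a>" * 300 + b"</a>" * 300
```
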
Examples
--------
.. code-block:: yaml+jinja

    - name:
      hosts: all
      vars:
      connection: httpapi
      gather_facts: false
      tasks:
        # Create the profile with the XML limit checks set explicitly.
        - name: Add WAF xml_validation_detection
          fadcos_waf_xml_validation_detection:
            action: add
            name: xxx2
            limit_max_attr: 256
            limit_max_attr_name_len: 128
            limit_max_attr_value_len: 128
            limit_max_cdata_len: 65535
            limit_max_elem_child: 65535
            limit_max_elem_depth: 256
            limit_max_elem_name_len: 128
            limit_max_namespace: 16
            limit_max_namespace_uri_len: 256
            severity: low
            soap_format_checks: enable
            soap_wsdl_checks: enable
            xml_format_checks: enable
            xml_limit_checks: enable
            xml_schema_checks: enable

        # Change the attribute limits and set the action profile.
        - name: edit WAF xml_validation_detection
          fadcos_waf_xml_validation_detection:
            action: edit
            name: xxx2
            limit_max_attr: 200
            limit_max_attr_name_len: 200
            limit_max_attr_value_len: 200
            security_action: block

        # Read the profile back.
        - name: get WAF xml_validation_detection
          fadcos_waf_xml_validation_detection:
            action: get
            name: xxx2

        # Remove a profile by name.
        - name: delete WAF xml_validation_detection
          fadcos_waf_xml_validation_detection:
            action: delete
            name: xxx1

Return Values
-------------
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

- 200 - OK: Request returns successful.
- 400 - Bad Request: Request cannot be processed by the API.
- 401 - Not Authorized: Request without successful login session.
- 403 - Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
- 404 - Resource Not Found: Unable to find the specified resource.
- 405 - Method Not Allowed: Specified HTTP method is not allowed for this resource.
- 413 - Request Entity Too Large: Request cannot be processed due to large entity.
- 424 - Failed Dependency: The failed dependency can be a duplicate resource, a missing required parameter, a missing required attribute, or an invalid attribute value.
- 429 - Access temporarily blocked: Maximum failed authentications reached. The offending source is temporarily blocked for a certain amount of time.
- 500 - Internal Server Error: Internal error when processing the request.
For error codes, see the FortiADC API error code reference at: https://fndn.fortinet.net/index.php?/fortiapi/981-fortiadc/
Status
------
- This module is not guaranteed to have a backwards compatible interface.
Authors
-------
- Joseph Chen
.. hint::
    If you notice any issues in this documentation, you can create a pull request to improve it at: https://github.com/fortinet-ansible-dev/ansible-galaxy-fortiadc-sphinxdoc/pulls