fadcos_waf_heuristic_sql_xss_injection_detection – Configuring an SQL/XSS Injection Detection policy

New in version 1.3.0.

Synopsis

  • Configuring an SQL/XSS Injection Detection policy

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.8

FortiADC Version Compatibility


v7.1.4 v7.2.2 v7.4.0
fadcos_waf_heuristic_sql_xss_injection_detection yes yes yes

Parameters

  • action - Type of action to perform on the object. type: str required: true
  • name - Specify the name of the type: str required: true
  • body_sql_injection_detection - Switch of the body SQL injection detection (enable or disable).type: str required: false
  • body_xss_detection - Switch of the body XSS detection (enable or disable).type: int required: false
  • cookie_sql_injection_detection - Switch of the cookie SQL injection detection (enable or disable). type: str required: false
  • cookie_xss_detection - Switch of the cookie XSS detection (enable or disable). type: str required: false
  • refer_sql_injection_detection - Switch of the Refer SQL injection detection (enable or disable). type: str required: false
  • refer_xss_detection - Switch of the Refer XSS detection (enable or disable). type: str required: false
  • sql_exception_name - Specify the name of exception in SQL detection.type: str required: false
  • sql_injection_action - Specify the action after targets detected in SQL injection detection.type: int required: false
  • sql_injection_detection - Switch of the SQL injection detection (enable or disable). type: str required: false
  • sql_injection_severity - Specify the severity after targets detected in SQL injection detection. type: str required: false
  • uri_sql_injection_detection - Switch of the URI SQL injection detection (enable or disable). type: str required: false
  • uri_xss_detection - Switch of the URI XSS detection (enable or disable). type: str required: false
  • xss_action - Specify the action after targets detected in XSS detection. type: str required: false
  • xss_detection - Switch of the XSS detection (enable or disable). type: str required: false
  • xss_exception_name - Specify the name of exception in XSS detection. type: str required: false
  • xss_severity - Specify the severity after targets detected in XSS detection. type: str required: false
  • vdom - VDOM name if enabled.type: str required: true(if VDOM is enabled)

Examples

- name:
  hosts: all
  vars:
  connection: httpapi
  gather_facts: false
  tasks:
    - name: Add WAF sql_xss_injection_detection
      fadcos_waf_heuristic_sql_xss_injection_detection:
        action: add
        name: sqlt2
        body_sql_injection_detection: disable
        body_xss_detection: disable
        cookie_sql_injection_detection: disable
        cookie_xss_detection: disable
        refer_sql_injection_detection: disable
        xss_severity: low

    - name: Add WAF sql_xss_injection_detection
      fadcos_waf_heuristic_sql_xss_injection_detection:
        action: add
        name: sqlt1
        body_sql_injection_detection: enable
        body_xss_detection: disable
        cookie_sql_injection_detection: disable
        cookie_xss_detection: disable
        refer_sql_injection_detection: disable
        xss_severity: low

    - name: edit WAF sql_xss_injection_detection
      fadcos_waf_heuristic_sql_xss_injection_detection:
        action: edit
        name: sqlt2
        xss_severity: high
        cookie_xss_detection: enable

    - name: get WAF sql_xss_injection_detection
      fadcos_waf_heuristic_sql_xss_injection_detection:
        action: get
        name: sqlt2

    - name: delete WAF sql_xss_injection_detection
      fadcos_waf_heuristic_sql_xss_injection_detection:
        action: delete
        name: sqlt1

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • 200 - OK: Request returns successful.
  • 400 - Bad Request: Request cannot be processed by the API.
  • 401 - Not Authorized: Request without successful login session.
  • 403 - Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
  • 404 - Resource Not Found: Unable to find the specified resource.
  • 405 - Method Not Allowed: Specified HTTP method is not allowed for this resource.
  • 413 - Request Entity Too Large: Request cannot be processed due to large entity.
  • 424 - Failed Dependency: Fail dependency can be duplicate resource, missing required parameter, missing required attribute, or invalid attribute value.
  • 429 - Access temporarily blocked: Maximum failed authentications reached. The offended source is temporarily blocked for certain amount of time.
  • 500 - Internal Server Error: Internal error when processing the request.

For errorcode please check FortiADC API errorcode at : https://fndn.fortinet.net/index.php?/fortiapi/981-fortiadc/

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Joseph Chen

Hint

If you notice any issues in this documentation, you can create a pull request to improve it at: https://github.com/fortinet-ansible-dev/ansible-galaxy-fortiadc-sphinxdoc/pulls