fadcos_waf_http_header_security_child_rule_list – Configure the HTTP Header Security Rules section of an HTTP Header Security policy
New in version 1.3.0.
FortiADC Version Compatibility

| | v7.1.4 | v7.2.2 | v7.4.0 |
|---|---|---|---|
| fadcos_waf_http_header_security_child_rule_list | yes | yes | yes |
Parameters
- action - Type of action to perform on the object. type: str required: true
- name - Specify the HTTP Header Security policy name. type: str required: true
- include_subdomain - Optional. If enabled, the rule applies to all of the site's subdomains as well. type: str required: false
- max_age - The time, in seconds, that the browser should remember that a site is only to be accessed using HTTPS. type: int required: false
- id - Specify the ID of the HTTP security header rule. type: str required: false
- rule_name - Select the HTTP security header name (content-security-policy, x-content-type-options, x-frame-options, x-xss-protection, and http-strict-transport-security). type: str required: false
- preload - Google maintains an HSTS preload service. By following the guidelines and successfully submitting your domain, browsers will never connect to your domain using an insecure connection. While the service is hosted by Google, all browsers have stated an intent to use (or actually started using) the preload list. Most major browsers (Chrome, Firefox, Opera, Safari, IE 11 and Edge) also have HSTS preload lists based on the Chrome list. (See the HSTS compatibility matrix.) However, it is not part of the HSTS specification and should not be treated as official. type: int required: false
- policy - The Policy option is available if the Name is content-security-policy. Enter the header value(s) that set restrictions on resource types and sources. For example, default-src 'self';script-src 'self';object-src 'self'. type: str required: false
- report_only - Enabling report-only switches to the “Content-Security-Policy-Report-Only” header, which accepts all CSP directives. However, the “report-only” header only monitors violations. FortiADC checks for the existence of the “report-uri” directive once “report-only” is selected. type: str required: false
- value - Specify the HTTP header value. type: str required: false
- vdom - VDOM name if enabled. type: str required: true (if VDOM is enabled)
Examples

```yaml
- name:
  hosts: all
  vars:
  connection: httpapi
  gather_facts: false
  tasks:
    # Add a rule to the HTTP Header Security policy "hts1"
    - name: Add waf_http_header_security_child_rule_list
      fadcos_waf_http_header_security_child_rule_list:
        action: add
        name: hts1
        include_subdomain: disable
        max_age: 31536000
        rule_name: x-xss-protection
        preload: disable
        report_only: disable
        value: block-mode

    # Change rule 1 of "hts1" into a content-security-policy rule
    - name: edit waf_http_header_security_child_rule_list
      fadcos_waf_http_header_security_child_rule_list:
        action: edit
        name: hts1
        id: 1
        include_subdomain: disable
        rule_name: content-security-policy
        policy: p1

    # Read back rule 1 of "hts1"
    - name: get waf_http_header_security_child_rule_list
      fadcos_waf_http_header_security_child_rule_list:
        action: get
        name: hts1
        id: 1

    # Remove rule 1 from "hts1"
    - name: delete waf_http_header_security_child_rule_list
      fadcos_waf_http_header_security_child_rule_list:
        action: delete
        name: hts1
        id: 1
```
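To confirm that rules configured this way produce the intended response headers, the following added example (not part of the module or the FortiADC documentation) audits one response's headers for the five header types listed under rule_name, the HSTS preload prerequisites (max-age of at least one year plus includeSubDomains), and the report-uri requirement for report-only CSP. The function names and both sample header sets are constructed for illustration.

```python
# Added example: audit one response's headers against the rule semantics above.
EXPECTED = ("content-security-policy", "x-content-type-options", "x-frame-options",
            "x-xss-protection", "strict-transport-security")
CSP_RO = "content-security-policy-report-only"
PRELOAD_MIN_AGE = 31536000  # minimum max-age for preload list submission (one year)

def hsts_directives(value):
    """Parse 'max-age=N; includeSubDomains; preload' into {name: argument}."""
    pairs = (p.strip().partition("=") for p in value.split(";") if p.strip())
    return {name.strip().lower(): arg.strip().strip('"') for name, _, arg in pairs}

def csp_directive_names(value):
    """Return the lowercased directive names of a CSP header value."""
    return {p.split()[0].lower() for p in value.split(";") if p.strip()}

def audit_headers(headers):
    """Return a sorted list of findings for one response's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = [f"missing: {n}" for n in EXPECTED
                if n not in h and not (n == "content-security-policy" and CSP_RO in h)]
    if "strict-transport-security" in h:
        d = hsts_directives(h["strict-transport-security"])
        age = int(d["max-age"]) if d.get("max-age", "").isdigit() else None
        if age is None:
            findings.append("hsts: max-age missing or not an integer")
        if "preload" in d and (age is None or age < PRELOAD_MIN_AGE):
            findings.append("hsts: preload set but max-age below one year")
        if "preload" in d and "includesubdomains" not in d:
            findings.append("hsts: preload set without includeSubDomains")
    if CSP_RO in h:
        if "content-security-policy" not in h:
            findings.append("csp: report-only mode, policy is monitored but not enforced")
        if "report-uri" not in csp_directive_names(h[CSP_RO]):
            findings.append("csp: report-only without report-uri directive")
    return sorted(findings)

# Constructed sample responses (not captured from a real FortiADC deployment).
WEAK = {"Strict-Transport-Security": "max-age=86400; preload",
        "Content-Security-Policy-Report-Only": "default-src 'self'; script-src 'self'",
        "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY"}
GOOD = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
        "Content-Security-Policy": "default-src 'self';script-src 'self';object-src 'self'",
        "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY",
        "X-XSS-Protection": "1; mode=block"}

if __name__ == "__main__":
    for label, sample in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(label, audit_headers(sample))
```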
Return Values
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values; the following fields are unique to this module:
- 200 - OK: Request returned successfully.
- 400 - Bad Request: Request cannot be processed by the API.
- 401 - Not Authorized: Request without successful login session.
- 403 - Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
- 404 - Resource Not Found: Unable to find the specified resource.
- 405 - Method Not Allowed: Specified HTTP method is not allowed for this resource.
- 413 - Request Entity Too Large: Request cannot be processed due to large entity.
- 424 - Failed Dependency: A failed dependency can be a duplicate resource, a missing required parameter, a missing required attribute, or an invalid attribute value.
- 429 - Access temporarily blocked: Maximum failed authentications reached. The offending source is temporarily blocked for a certain amount of time.
- 500 - Internal Server Error: Internal error when processing the request.
For error codes, see the FortiADC API error code reference at https://fndn.fortinet.net/index.php?/fortiapi/981-fortiadc/
Authors
- Joseph Chen