fadcos_waf_http_protocol_constraint – Configuring an HTTP Protocol Constraint policy

New in version 1.3.0.

Synopsis

  • Configuring an HTTP Protocol Constraint policy

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.8

FortiADC Version Compatibility


                                      v7.1.4   v7.2.2   v7.4.0
fadcos_waf_http_protocol_constraint   yes      yes      yes

Parameters

  • action - Type of action to perform on the object. type: str required: true
  • name - Enter a unique HTTP protocol constraint policy name. type: str required: true
  • max_uri_length - Maximum characters in an HTTP request URI. The default is 2048. The valid range is 1-8192. type: str required: false
  • max_uri_length_action - Select the action profile that you want to apply for too many characters in an HTTP request URI. type: str required: true
  • max_uri_length_severity - Set the severity level in WAF logs for too many characters in an HTTP request URI. type: str required: true
  • max_url_param_name_len - Maximum characters in a URL parameter name. The default is 1024. The valid range is 1-2048. type: str required: true
  • max_url_param_name_len_action - Select the action profile that you want to apply for too many characters in a URL parameter name. type: str required: true
  • max_url_param_name_len_severity - Set the severity level in WAF logs for too many characters in a URL parameter name. type: str required: true
  • max_url_param_value_len - Maximum characters in a URL parameter value. The default is 4096. The valid range is 1-8192. type: str required: true
  • illegal_host_name - Enable/disable hostname checks. type: int required: false
  • illegal_host_name_action - Select the action profile that you want to apply for hostname checks. type: str required: true
  • illegal_host_name_severity - Set the severity level in WAF logs of the failed hostname checks. type: str required: true
  • illegal_http_version - Enable/disable the HTTP version check. type: str required: false
  • illegal_http_version_action - Select the action profile that you want to apply for the HTTP version check. type: str required: true
  • illegal_http_version_severity - Set the severity level in WAF logs of the failed HTTP version check. type: str required: true
  • illegal_multipart - Enable/Disable the HTTP body multipart check. type: str required: true
  • illegal_multipart_action - Select the action profile that you want to apply for the HTTP body multipart check. type: str required: false
  • illegal_multipart_severity - Set the severity level in WAF logs of the failed HTTP body multipart check. type: str required: false
  • max_cookie_number - Maximum number of cookie headers in an HTTP request. type: str required: true
  • max_cookie_number_action - Select the action profile that you want to apply for the oversized cookie headers. type: str required: true
  • max_cookie_number_severity - Set the severity level in WAF logs of the oversized cookie headers. type: str required: true
  • max_header_number - Maximum number of headers in an HTTP request. The default is 50. Requests with more headers are a symptom of a buffer overflow attack or an attempt to evade detection mechanisms. The valid configuration range is 1-100. type: str required: true
  • max_header_number_action - Select the action profile that you want to apply when the number of headers in an HTTP request is too large. type: str required: false
  • max_header_number_severity - Set the severity level in WAF logs for too many headers in an HTTP request. type: str required: false
  • max_header_length - Maximum length of the HTTP request header. The default is 8192. The valid range is 1-16384. type: str required: false
  • max_header_length_action - Select the action profile that you want to apply for too long headers. type: str required: true
  • max_header_length_severity - Set the severity level in WAF logs for too long headers in an HTTP request. type: str required: false
  • max_req_hdr_name_len - Maximum characters in an HTTP request header name. The default is 1024. The valid range is 1-8192. type: int required: false
  • max_req_hdr_name_len_action - Select the action profile that you want to apply for too many characters in an HTTP request header name. type: str required: false
  • max_req_hdr_name_len_severity - Set the severity level in WAF logs for too many characters in an HTTP request header name. type: str required: false
  • max_req_hdr_value_len - Maximum characters in an HTTP request header value. The default is 4096. Longer headers might be a symptom of a buffer overflow attack. The valid configuration range is 1-8192. type: str required: false
  • max_body_length - Maximum length of the HTTP body. The default is 67108864. The valid range is 1-67108864. type: int required: false
  • max_body_length_action - Select the action profile that you want to apply for invalid HTTP body length. type: str required: true
  • max_body_length_severity - Set the severity level in WAF logs of the failed HTTP body multipart check. type: str required: false
  • constraint_method_override - Enable/disable scanning for the request method in the following override headers and matching it against the request method rule. type: str required: false
  • vdom - VDOM name if enabled. type: str required: true (if VDOM is enabled)

Examples

- name:
  hosts: all
  vars:
  connection: httpapi
  gather_facts: false
  tasks:
    - name: Add WAF http_protocol_constraint
      fadcos_waf_http_protocol_constraint:
        action: add
        name: htest1
        constraint_method_override: disable
        illegal_host_name: disable
        illegal_host_name_action: alert
        illegal_host_name_severity: low
        illegal_http_version: disable
        illegal_http_version_action: alert
        illegal_http_version_severity: low
        illegal_multipart: disable
        illegal_multipart_action: alert
        illegal_multipart_severity: low
        max_body_length: 67108864
        max_body_length_action: alert
        max_body_length_severity: low
        max_cookie_number: 16
        max_cookie_number_action: alert
        max_cookie_number_severity: low
        max_header_length: 8192
        max_header_length_action: alert
        max_header_length_severity: low
        max_header_number: 50
        max_header_number_action: alert
        max_header_number_severity: low
        max_req_hdr_name_len: 1024
        max_req_hdr_name_len_action: alert
        max_req_hdr_name_len_severity: low
        max_req_hdr_value_len: 4096
        max_req_hdr_value_len_action: alert
        max_req_hdr_value_len_severity: low
        max_uri_length: 2048
        max_uri_length_action: deny
        max_uri_length_severity: low
        max_url_param_name_len: 1024
        max_url_param_name_len_action: alert
        max_url_param_name_len_severity: low
        max_url_param_value_len: 4096
        max_url_param_value_len_action: alert
        max_url_param_value_len_severity: low

    - name: get WAF http_protocol_constraint
      fadcos_waf_http_protocol_constraint:
        action: get
        name: htest1

    - name: edit WAF http_protocol_constraint
      fadcos_waf_http_protocol_constraint:
        action: edit
        name: htest1
        max_header_number: 88

    # Note: this task targets HPC1, not the htest1 policy created above.
    - name: delete WAF http_protocol_constraint
      fadcos_waf_http_protocol_constraint:
        action: delete
        name: HPC1
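
The valid ranges in the Parameters list and the enable/disable toggles in the tasks above can be checked before a playbook is run against the device. The Python lint below is an added example, not part of the module or of the Fortinet collection; lint_policy, RANGES, TOGGLES and SAMPLE are hypothetical names, and it assumes the "alert" action profile only logs while "deny" blocks.

```python
"""Added example (not part of the module): lint task arguments before a run."""

# Valid ranges exactly as stated in the Parameters list above.
RANGES = {
    "max_uri_length": (1, 8192),
    "max_url_param_name_len": (1, 2048),
    "max_url_param_value_len": (1, 8192),
    "max_header_number": (1, 100),
    "max_header_length": (1, 16384),
    "max_req_hdr_name_len": (1, 8192),
    "max_req_hdr_value_len": (1, 8192),
    "max_body_length": (1, 67108864),
}
TOGGLES = ("illegal_host_name", "illegal_http_version", "illegal_multipart")


def lint_policy(args):
    """Return a sorted list of (level, parameter, message) findings for one task."""
    findings = []
    for param, (low, high) in RANGES.items():
        if param not in args:
            continue
        try:
            value = int(args[param])  # the module documents most limits as str
        except (TypeError, ValueError):
            findings.append(("error", param, f"not an integer: {args[param]!r}"))
            continue
        if not low <= value <= high:
            findings.append(("error", param, f"{value} outside {low}-{high}"))
        # Assumption: the "alert" action profile logs only and "deny" blocks.
        if args.get(param + "_action") == "alert":
            findings.append(("warn", param, "violations are logged, not blocked"))
    for param in TOGGLES:
        if str(args.get(param, "")).lower() == "disable":
            findings.append(("warn", param, "check is disabled"))
    return sorted(findings)


# Constructed sample: a few arguments in the style of the "add" task above.
SAMPLE = {
    "max_uri_length": 2048, "max_uri_length_action": "deny",
    "max_header_number": 150, "max_header_number_action": "alert",
    "max_body_length": "64MB",
    "illegal_http_version": "disable",
}

if __name__ == "__main__":
    for level, param, message in lint_policy(SAMPLE):
        print(f"{level:5} {param}: {message}")
```

Feed it the dictionary under fadcos_waf_http_protocol_constraint from each add or edit task; an empty list means every supplied limit is inside its documented range, uses a non-alert action, and no illegal_* check is disabled.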

Return Values

Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

  • 200 - OK: The request was successful.
  • 400 - Bad Request: Request cannot be processed by the API.
  • 401 - Not Authorized: Request without successful login session.
  • 403 - Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
  • 404 - Resource Not Found: Unable to find the specified resource.
  • 405 - Method Not Allowed: Specified HTTP method is not allowed for this resource.
  • 413 - Request Entity Too Large: Request cannot be processed due to large entity.
  • 424 - Failed Dependency: A failed dependency can be a duplicate resource, a missing required parameter, a missing required attribute, or an invalid attribute value.
  • 429 - Access temporarily blocked: Maximum failed authentications reached. The offending source is temporarily blocked for a certain amount of time.
  • 500 - Internal Server Error: Internal error when processing the request.

For error codes, see the FortiADC API error code reference at: https://fndn.fortinet.net/index.php?/fortiapi/981-fortiadc/

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Joseph Chen
