source: | fortios_webfilter_profile.py |
---|---|
orphan: |
.. versionadded:: 2.0.0
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify webfilter feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
The below requirements are needed on the host that executes this module.
- ansible>=2.15
Using member operation to add an element to an existing object.
Supported Version Ranges: v6.0.0 -> 7.4.3
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- state - Indicates whether to create or remove the object. type: str required: true choices: present, absent
- webfilter_profile - Configure Web filter profiles. type: dict
more...
Supported Version Ranges webfilter_profile v6.0.0 -> 7.4.3
- antiphish - AntiPhishing profile. type: dict
more...
Supported Version Ranges antiphish v6.4.0 -> 7.4.3
- authentication - Authentication methods. type: str choices: domain-controller, ldap
more...
Supported Version Ranges authentication v7.0.0 -> 7.4.3
[domain-controller] v7.0.0 -> 7.4.3
[ldap] v7.0.0 -> 7.4.3
- check_basic_auth - Enable/disable checking of HTTP Basic Auth field for known credentials. type: str choices: enable, disable
more...
Supported Version Ranges check_basic_auth v6.4.0 -> 7.4.3
[enable] v6.4.0 -> 7.4.3
[disable] v6.4.0 -> 7.4.3
- check_uri - Enable/disable checking of GET URI parameters for known credentials. type: str choices: enable, disable
more...
Supported Version Ranges check_uri v6.4.0 -> 7.4.3
[enable] v6.4.0 -> 7.4.3
[disable] v6.4.0 -> 7.4.3
- check_username_only - Enable/disable username only matching of credentials. Action will be taken for valid usernames regardless of password validity. type: str choices: enable, disable
more...
Supported Version Ranges check_username_only v6.4.4 -> 7.4.3
[enable] v6.4.4 -> 7.4.3
[disable] v6.4.4 -> 7.4.3
- custom_patterns - Custom username and password regex patterns. type: list member_path: antiphish/custom_patterns:pattern
more...
Supported Version Ranges custom_patterns v6.4.0 -> 7.4.3
- category - Category that the pattern matches. type: str choices: username, password
more...
Supported Version Ranges category v6.4.0 -> 7.4.3
[username] v6.4.0 -> 7.4.3
[password] v6.4.0 -> 7.4.3
- pattern - Target pattern. type: str required: true
more...
Supported Version Ranges pattern v6.4.0 -> 7.4.3
- type - Pattern will be treated either as a regex pattern or literal string. type: str choices: regex, literal
more...
Supported Version Ranges type v7.0.0 -> 7.4.3
[regex] v7.0.0 -> 7.4.3
[literal] v7.0.0 -> 7.4.3
- default_action - Action to be taken when there is no matching rule. type: str choices: exempt, log, block
more...
Supported Version Ranges default_action v6.4.0 -> 7.4.3
[exempt] v6.4.0 -> 7.4.3
[log] v6.4.0 -> 7.4.3
[block] v6.4.0 -> 7.4.3
- domain_controller - Domain for which to verify received credentials against. Source user.domain-controller.name credential-store.domain-controller .server-name. type: str
more...
Supported Version Ranges domain_controller v6.4.0 -> 7.4.3
- inspection_entries - AntiPhishing entries. type: list member_path: antiphish/inspection_entries:name
more...
Supported Version Ranges inspection_entries v6.4.0 -> 7.4.3
- action - Action to be taken upon an AntiPhishing match. type: str choices: exempt, log, block
more...
Supported Version Ranges action v6.4.0 -> 7.4.3
[exempt] v6.4.0 -> 7.4.3
[log] v6.4.0 -> 7.4.3
[block] v6.4.0 -> 7.4.3
- fortiguard_category - FortiGuard category to match. type: list
- name - Inspection target name. type: str required: true
more...
Supported Version Ranges name v6.4.0 -> 7.4.3
- ldap - LDAP server for which to verify received credentials against. Source user.ldap.name. type: str
more...
Supported Version Ranges ldap v7.0.0 -> 7.4.3
- max_body_len - Maximum size of a POST body to check for credentials. type: int
more...
Supported Version Ranges max_body_len v6.4.0 -> 7.4.3
- status - Toggle AntiPhishing functionality. type: str choices: enable, disable
more...
Supported Version Ranges status v6.4.0 -> 7.4.3
[enable] v6.4.0 -> 7.4.3
[disable] v6.4.0 -> 7.4.3
- comment - Optional comments. type: str
more...
Supported Version Ranges comment v6.0.0 -> 7.4.3
- extended_log - Enable/disable extended logging for web filtering. type: str choices: enable, disable
more...
Supported Version Ranges extended_log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- feature_set - Flow/proxy feature set. type: str choices: flow, proxy
more...
Supported Version Ranges feature_set v6.4.0 -> 7.4.3
[flow] v6.4.0 -> 7.4.3
[proxy] v6.4.0 -> 7.4.3
- file_filter - File filter. type: dict
more...
Supported Version Ranges file_filter v6.2.0 -> v6.2.7
- entries - File filter entries. type: list member_path: file_filter/entries:filter
more...
Supported Version Ranges entries v6.2.0 -> v6.2.7
- action - Action taken for matched file. type: str choices: log, block
more...
Supported Version Ranges action v6.2.0 -> v6.2.7
[log] v6.2.0 -> v6.2.7
[block] v6.2.0 -> v6.2.7
- comment - Comment. type: str
more...
Supported Version Ranges comment v6.2.0 -> v6.2.7
- direction - Match files transmitted in the session"s originating or reply direction. type: str choices: incoming, outgoing, any
more...
Supported Version Ranges direction v6.2.0 -> v6.2.7
[incoming] v6.2.0 -> v6.2.7
[outgoing] v6.2.0 -> v6.2.7
[any] v6.2.0 -> v6.2.7
- file_type - Select file type. type: list member_path: file_filter/entries:filter/file_type:name
more...
Supported Version Ranges file_type v6.2.0 -> v6.2.7
- name - File type name. Source antivirus.filetype.name. type: str required: true
more...
Supported Version Ranges name v6.2.0 -> v6.2.7
- filter - Add a file filter. type: str required: true
more...
Supported Version Ranges filter v6.2.0 -> v6.2.7
- password_protected - Match password-protected files. type: str choices: yes, any
more...
Supported Version Ranges password_protected v6.2.0 -> v6.2.7
[yes] v6.2.0 -> v6.2.7
[any] v6.2.0 -> v6.2.7
- protocol - Protocols to apply with. type: list choices: http, ftp
more...
Supported Version Ranges protocol v6.2.0 -> v6.2.7
[http] v6.2.0 -> v6.2.7
[ftp] v6.2.0 -> v6.2.7
- log - Enable/disable file filter logging. type: str choices: enable, disable
more...
Supported Version Ranges log v6.2.0 -> v6.2.7
[enable] v6.2.0 -> v6.2.7
[disable] v6.2.0 -> v6.2.7
- scan_archive_contents - Enable/disable file filter archive contents scan. type: str choices: enable, disable
more...
Supported Version Ranges scan_archive_contents v6.2.0 -> v6.2.7
[enable] v6.2.0 -> v6.2.7
[disable] v6.2.0 -> v6.2.7
- status - Enable/disable file filter. type: str choices: enable, disable
more...
Supported Version Ranges status v6.2.0 -> v6.2.7
[enable] v6.2.0 -> v6.2.7
[disable] v6.2.0 -> v6.2.7
- ftgd_wf - FortiGuard Web Filter settings. type: dict
more...
Supported Version Ranges ftgd_wf v6.0.0 -> 7.4.3
- exempt_quota - Do not stop quota for these categories. type: list
- filters - FortiGuard filters. type: list member_path: ftgd_wf/filters:id
more...
Supported Version Ranges filters v6.0.0 -> 7.4.3
- action - Action to take for matches. type: str choices: block, authenticate, monitor, warning
more...
Supported Version Ranges action v6.0.0 -> 7.4.3
[block] v6.0.0 -> 7.4.3
[authenticate] v6.0.0 -> 7.4.3
[monitor] v6.0.0 -> 7.4.3
[warning] v6.0.0 -> 7.4.3
- auth_usr_grp - Groups with permission to authenticate. type: list member_path: ftgd_wf/filters:id/auth_usr_grp:name
more...
Supported Version Ranges auth_usr_grp v6.0.0 -> 7.4.3
- name - User group name. Source user.group.name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> 7.4.3
- category - Categories and groups the filter examines. type: int
more...
Supported Version Ranges category v6.0.0 -> 7.4.3
- id - ID number. see Notes. type: int required: true
more...
Supported Version Ranges id v6.0.0 -> 7.4.3
- log - Enable/disable logging. type: str choices: enable, disable
more...
Supported Version Ranges log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- override_replacemsg - Override replacement message. type: str
more...
Supported Version Ranges override_replacemsg v6.0.0 -> 7.4.3
- warn_duration - Duration of warnings. type: str
more...
Supported Version Ranges warn_duration v6.0.0 -> 7.4.3
- warning_duration_type - Re-display warning after closing browser or after a timeout. type: str choices: session, timeout
more...
Supported Version Ranges warning_duration_type v6.0.0 -> 7.4.3
[session] v6.0.0 -> 7.4.3
[timeout] v6.0.0 -> 7.4.3
- warning_prompt - Warning prompts in each category or each domain. type: str choices: per-domain, per-category
more...
Supported Version Ranges warning_prompt v6.0.0 -> 7.4.3
[per-domain] v6.0.0 -> 7.4.3
[per-category] v6.0.0 -> 7.4.3
- max_quota_timeout - Maximum FortiGuard quota used by single page view in seconds (excludes streams). type: int
more...
Supported Version Ranges max_quota_timeout v6.0.0 -> 7.4.3
- options - Options for FortiGuard Web Filter. type: list choices: error-allow, rate-server-ip, connect-request-bypass, ftgd-disable
more...
Supported Version Ranges options v6.0.0 -> 7.4.3
[error-allow] v6.0.0 -> 7.4.3
[rate-server-ip] v6.0.0 -> 7.4.3
[connect-request-bypass] v6.0.0 -> 7.4.3
[ftgd-disable] v6.0.0 -> 7.4.3
- ovrd - Allow web filter profile overrides. type: list
- quota - FortiGuard traffic quota settings. type: list member_path: ftgd_wf/quota:id
more...
Supported Version Ranges quota v6.0.0 -> 7.4.3
- category - FortiGuard categories to apply quota to (category action must be set to monitor). type: list
- duration - Duration of quota. type: str
more...
Supported Version Ranges duration v6.0.0 -> 7.4.3
- id - ID number. see Notes. type: int required: true
more...
Supported Version Ranges id v6.0.0 -> 7.4.3
- override_replacemsg - Override replacement message. type: str
more...
Supported Version Ranges override_replacemsg v6.0.0 -> 7.4.3
- type - Quota type. type: str choices: time, traffic
more...
Supported Version Ranges type v6.0.0 -> 7.4.3
[time] v6.0.0 -> 7.4.3
[traffic] v6.0.0 -> 7.4.3
- unit - Traffic quota unit of measurement. type: str choices: B, KB, MB, GB
more...
Supported Version Ranges unit v6.0.0 -> 7.4.3
[B] v6.0.0 -> 7.4.3
[KB] v6.0.0 -> 7.4.3
[MB] v6.0.0 -> 7.4.3
[GB] v6.0.0 -> 7.4.3
- value - Traffic quota value. type: int
more...
Supported Version Ranges value v6.0.0 -> 7.4.3
- rate_crl_urls - Enable/disable rating CRL by URL. type: str choices: disable, enable
more...
Supported Version Ranges rate_crl_urls v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
- rate_css_urls - Enable/disable rating CSS by URL. type: str choices: disable, enable
more...
Supported Version Ranges rate_css_urls v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
- rate_image_urls - Enable/disable rating images by URL. type: str choices: disable, enable
more...
Supported Version Ranges rate_image_urls v6.0.0 -> v6.4.1
[disable] v6.0.0 -> v6.4.1
[enable] v6.0.0 -> v6.4.1
- rate_javascript_urls - Enable/disable rating JavaScript by URL. type: str choices: disable, enable
more...
Supported Version Ranges rate_javascript_urls v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
- https_replacemsg - Enable replacement messages for HTTPS. type: str choices: enable, disable
more...
Supported Version Ranges https_replacemsg v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- inspection_mode - Web filtering inspection mode. type: str choices: proxy, flow-based
more...
Supported Version Ranges inspection_mode v6.0.0 -> v6.0.11
[proxy] v6.0.0 -> v6.0.11
[flow-based] v6.0.0 -> v6.0.11
- log_all_url - Enable/disable logging all URLs visited. type: str choices: enable, disable
more...
Supported Version Ranges log_all_url v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- name - Profile name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> 7.4.3
- options - Options. type: list choices: activexfilter, cookiefilter, javafilter, block-invalid-url, jscript, js, vbs, unknown, intrinsic, wf-referer, wf-cookie, per-user-bal, per-user-bwl
more...
Supported Version Ranges options v6.0.0 -> 7.4.3
[activexfilter] v6.0.0 -> 7.4.3
[cookiefilter] v6.0.0 -> 7.4.3
[javafilter] v6.0.0 -> 7.4.3
[block-invalid-url] v6.0.0 -> 7.4.3
[jscript] v6.0.0 -> 7.4.3
[js] v6.0.0 -> 7.4.3
[vbs] v6.0.0 -> 7.4.3
[unknown] v6.0.0 -> 7.4.3
[intrinsic] v6.0.0 -> 7.4.3
[wf-referer] v6.0.0 -> 7.4.3
[wf-cookie] v6.0.0 -> 7.4.3
[per-user-bal] v7.0.0 -> 7.4.3
[per-user-bwl] v6.0.0 -> v6.4.4
- override - Web Filter override settings. type: dict
more...
Supported Version Ranges override v6.0.0 -> 7.4.3
- ovrd_cookie - Allow/deny browser-based (cookie) overrides. type: str choices: allow, deny
more...
Supported Version Ranges ovrd_cookie v6.0.0 -> 7.4.3
[allow] v6.0.0 -> 7.4.3
[deny] v6.0.0 -> 7.4.3
- ovrd_dur - Override duration. type: str
more...
Supported Version Ranges ovrd_dur v6.0.0 -> 7.4.3
- ovrd_dur_mode - Override duration mode. type: str choices: constant, ask
more...
Supported Version Ranges ovrd_dur_mode v6.0.0 -> 7.4.3
[constant] v6.0.0 -> 7.4.3
[ask] v6.0.0 -> 7.4.3
- ovrd_scope - Override scope. type: str choices: user, user-group, ip, browser, ask
more...
Supported Version Ranges ovrd_scope v6.0.0 -> 7.4.3
[user] v6.0.0 -> 7.4.3
[user-group] v6.0.0 -> 7.4.3
[ip] v6.0.0 -> 7.4.3
[browser] v6.0.0 -> 7.4.3
[ask] v6.0.0 -> 7.4.3
- ovrd_user_group - User groups with permission to use the override. type: list member_path: override/ovrd_user_group:name
more...
Supported Version Ranges ovrd_user_group v6.0.0 -> 7.4.3
- name - User group name. Source user.group.name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> 7.4.3
- profile - Web filter profile with permission to create overrides. type: list member_path: override/profile:name
more...
Supported Version Ranges profile v6.0.0 -> 7.4.3
- name - Web profile. Source webfilter.profile.name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> 7.4.3
- profile_attribute - Profile attribute to retrieve from the RADIUS server. type: str choices: User-Name, NAS-IP-Address, Framed-IP-Address, Framed-IP-Netmask, Filter-Id, Login-IP-Host, Reply-Message, Callback-Number, Callback-Id, Framed-Route, Framed-IPX-Network, Class, Called-Station-Id, Calling-Station-Id, NAS-Identifier, Proxy-State, Login-LAT-Service, Login-LAT-Node, Login-LAT-Group, Framed-AppleTalk-Zone, Acct-Session-Id, Acct-Multi-Session-Id
more...
Supported Version Ranges profile_attribute v6.0.0 -> 7.4.3
[User-Name] v6.0.0 -> 7.4.3
[NAS-IP-Address] v6.0.0 -> 7.4.3
[Framed-IP-Address] v6.0.0 -> 7.4.3
[Framed-IP-Netmask] v6.0.0 -> 7.4.3
[Filter-Id] v6.0.0 -> 7.4.3
[Login-IP-Host] v6.0.0 -> 7.4.3
[Reply-Message] v6.0.0 -> 7.4.3
[Callback-Number] v6.0.0 -> 7.4.3
[Callback-Id] v6.0.0 -> 7.4.3
[Framed-Route] v6.0.0 -> 7.4.3
[Framed-IPX-Network] v6.0.0 -> 7.4.3
[Class] v6.0.0 -> 7.4.3
[Called-Station-Id] v6.0.0 -> 7.4.3
[Calling-Station-Id] v6.0.0 -> 7.4.3
[NAS-Identifier] v6.0.0 -> 7.4.3
[Proxy-State] v6.0.0 -> 7.4.3
[Login-LAT-Service] v6.0.0 -> 7.4.3
[Login-LAT-Node] v6.0.0 -> 7.4.3
[Login-LAT-Group] v6.0.0 -> 7.4.3
[Framed-AppleTalk-Zone] v6.0.0 -> 7.4.3
[Acct-Session-Id] v6.0.0 -> 7.4.3
[Acct-Multi-Session-Id] v6.0.0 -> 7.4.3
- profile_type - Override profile type. type: str choices: list, radius
more...
Supported Version Ranges profile_type v6.0.0 -> 7.4.3
[list] v6.0.0 -> 7.4.3
[radius] v6.0.0 -> 7.4.3
- ovrd_perm - Permitted override types. type: list choices: bannedword-override, urlfilter-override, fortiguard-wf-override, contenttype-check-override
more...
Supported Version Ranges ovrd_perm v6.0.0 -> 7.4.3
[bannedword-override] v6.0.0 -> 7.4.3
[urlfilter-override] v6.0.0 -> 7.4.3
[fortiguard-wf-override] v6.0.0 -> 7.4.3
[contenttype-check-override] v6.0.0 -> 7.4.3
- post_action - Action taken for HTTP POST traffic. type: str choices: normal, block
more...
Supported Version Ranges post_action v6.0.0 -> 7.4.3
[normal] v6.0.0 -> 7.4.3
[block] v6.0.0 -> 7.4.3
- replacemsg_group - Replacement message group. Source system.replacemsg-group.name. type: str
more...
Supported Version Ranges replacemsg_group v6.0.0 -> 7.4.3
- url_extraction - Configure URL Extraction type: dict
more...
Supported Version Ranges url_extraction v6.0.0 -> v7.0.8
v7.2.0 -> v7.2.4
v7.4.3 -> 7.4.3
- redirect_header - HTTP header name to use for client redirect on blocked requests type: str
more...
Supported Version Ranges redirect_header v6.0.0 -> v7.0.8
v7.2.0 -> v7.2.4
v7.4.3 -> 7.4.3
- redirect_no_content - Enable / Disable empty message-body entity in HTTP response type: str choices: enable, disable
more...
Supported Version Ranges redirect_no_content v6.0.0 -> v7.0.8
v7.2.0 -> v7.2.4
v7.4.3 -> 7.4.3
[enable] v6.0.0 -> v7.0.8
[disable] v6.0.0 -> v7.0.8
- redirect_url - HTTP header value to use for client redirect on blocked requests type: str
more...
Supported Version Ranges redirect_url v6.0.0 -> v7.0.8
v7.2.0 -> v7.2.4
v7.4.3 -> 7.4.3
- server_fqdn - URL extraction server FQDN (fully qualified domain name) type: str
more...
Supported Version Ranges server_fqdn v6.0.0 -> v7.0.8
v7.2.0 -> v7.2.4
v7.4.3 -> 7.4.3
- status - Enable URL Extraction type: str choices: enable, disable
more...
Supported Version Ranges status v6.0.0 -> v7.0.8
v7.2.0 -> v7.2.4
v7.4.3 -> 7.4.3
[enable] v6.0.0 -> v7.0.8
[disable] v6.0.0 -> v7.0.8
- web - Web content filtering settings. type: dict
more...
Supported Version Ranges web v6.0.0 -> 7.4.3
- allowlist - FortiGuard allowlist settings. type: list choices: exempt-av, exempt-webcontent, exempt-activex-java-cookie, exempt-dlp, exempt-rangeblock, extended-log-others
more...
Supported Version Ranges allowlist v7.0.0 -> 7.4.3
[exempt-av] v7.0.0 -> 7.4.3
[exempt-webcontent] v7.0.0 -> 7.4.3
[exempt-activex-java-cookie] v7.0.0 -> 7.4.3
[exempt-dlp] v7.0.0 -> 7.4.3
[exempt-rangeblock] v7.0.0 -> 7.4.3
[extended-log-others] v7.0.0 -> 7.4.3
- blacklist - Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist. type: str choices: enable, disable
more...
Supported Version Ranges blacklist v6.0.0 -> v6.4.4
[enable] v6.0.0 -> v6.4.4
[disable] v6.0.0 -> v6.4.4
- blocklist - Enable/disable automatic addition of URLs detected by FortiSandbox to blocklist. type: str choices: enable, disable
more...
Supported Version Ranges blocklist v7.0.0 -> 7.4.3
[enable] v7.0.0 -> 7.4.3
[disable] v7.0.0 -> 7.4.3
- bword_table - Banned word table ID. Source webfilter.content.id. type: int
more...
Supported Version Ranges bword_table v6.0.0 -> 7.4.3
- bword_threshold - Banned word score threshold. type: int
more...
Supported Version Ranges bword_threshold v6.0.0 -> 7.4.3
- content_header_list - Content header list. Source webfilter.content-header.id. type: int
more...
Supported Version Ranges content_header_list v6.0.0 -> 7.4.3
- keyword_match - Search keywords to log when match is found. type: list member_path: web/keyword_match:pattern
more...
Supported Version Ranges keyword_match v6.0.0 -> 7.4.3
- pattern - Pattern/keyword to search for. type: str required: true
more...
Supported Version Ranges pattern v6.0.0 -> 7.4.3
- log_search - Enable/disable logging all search phrases. type: str choices: enable, disable
more...
Supported Version Ranges log_search v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- safe_search - Safe search type. type: list choices: url, header
more...
Supported Version Ranges safe_search v6.0.0 -> 7.4.3
[url] v6.0.0 -> 7.4.3
[header] v6.0.0 -> 7.4.3
- urlfilter_table - URL filter table ID. Source webfilter.urlfilter.id. type: int
more...
Supported Version Ranges urlfilter_table v6.0.0 -> 7.4.3
- vimeo_restrict - Set Vimeo-restrict ("7" = don"t show mature content, "134" = don"t show unrated and mature content). A value of cookie "content_rating". type: str
more...
Supported Version Ranges vimeo_restrict v7.0.1 -> 7.4.3
- whitelist - FortiGuard whitelist settings. type: list choices: exempt-av, exempt-webcontent, exempt-activex-java-cookie, exempt-dlp, exempt-rangeblock, extended-log-others
more...
Supported Version Ranges whitelist v6.0.0 -> v6.4.4
[exempt-av] v6.0.0 -> v6.4.4
[exempt-webcontent] v6.0.0 -> v6.4.4
[exempt-activex-java-cookie] v6.0.0 -> v6.4.4
[exempt-dlp] v6.0.0 -> v6.4.4
[exempt-rangeblock] v6.0.0 -> v6.4.4
[extended-log-others] v6.0.0 -> v6.4.4
- youtube_restrict - YouTube EDU filter level. type: str choices: none, strict, moderate
more...
Supported Version Ranges youtube_restrict v6.0.0 -> v6.4.4
v7.0.1 -> 7.4.3
[none] v6.0.0 -> v6.4.4
[strict] v6.0.0 -> v6.4.4
[moderate] v6.0.0 -> v6.4.4
- web_antiphishing_log - Enable/disable logging of AntiPhishing checks. type: str choices: enable, disable
more...
Supported Version Ranges web_antiphishing_log v6.4.0 -> 7.4.3
[enable] v6.4.0 -> 7.4.3
[disable] v6.4.0 -> 7.4.3
- web_content_log - Enable/disable logging logging blocked web content. type: str choices: enable, disable
more...
Supported Version Ranges web_content_log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- web_extended_all_action_log - Enable/disable extended any filter action logging for web filtering. type: str choices: enable, disable
more...
Supported Version Ranges web_extended_all_action_log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- web_filter_activex_log - Enable/disable logging ActiveX. type: str choices: enable, disable
more...
Supported Version Ranges web_filter_activex_log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- web_filter_applet_log - Enable/disable logging Java applets. type: str choices: enable, disable
more...
Supported Version Ranges web_filter_applet_log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- web_filter_command_block_log - Enable/disable logging blocked commands. type: str choices: enable, disable
more...
Supported Version Ranges web_filter_command_block_log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- web_filter_cookie_log - Enable/disable logging cookie filtering. type: str choices: enable, disable
more...
Supported Version Ranges web_filter_cookie_log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- web_filter_cookie_removal_log - Enable/disable logging blocked cookies. type: str choices: enable, disable
more...
Supported Version Ranges web_filter_cookie_removal_log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- web_filter_js_log - Enable/disable logging Java scripts. type: str choices: enable, disable
more...
Supported Version Ranges web_filter_js_log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- web_filter_jscript_log - Enable/disable logging JScripts. type: str choices: enable, disable
more...
Supported Version Ranges web_filter_jscript_log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- web_filter_referer_log - Enable/disable logging referrers. type: str choices: enable, disable
more...
Supported Version Ranges web_filter_referer_log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- web_filter_unknown_log - Enable/disable logging unknown scripts. type: str choices: enable, disable
more...
Supported Version Ranges web_filter_unknown_log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- web_filter_vbs_log - Enable/disable logging VBS scripts. type: str choices: enable, disable
more...
Supported Version Ranges web_filter_vbs_log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- web_flow_log_encoding - Log encoding in flow mode. type: str choices: utf-8, punycode
more...
Supported Version Ranges web_flow_log_encoding v7.4.2 -> 7.4.3
[utf-8] v7.4.2 -> 7.4.3
[punycode] v7.4.2 -> 7.4.3
- web_ftgd_err_log - Enable/disable logging rating errors. type: str choices: enable, disable
more...
Supported Version Ranges web_ftgd_err_log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- web_ftgd_quota_usage - Enable/disable logging daily quota usage. type: str choices: enable, disable
more...
Supported Version Ranges web_ftgd_quota_usage v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- web_invalid_domain_log - Enable/disable logging invalid domain names. type: str choices: enable, disable
more...
Supported Version Ranges web_invalid_domain_log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- web_url_log - Enable/disable logging URL filtering. type: str choices: enable, disable
more...
Supported Version Ranges web_url_log v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- wisp - Enable/disable web proxy WISP. type: str choices: enable, disable
more...
Supported Version Ranges wisp v6.0.0 -> 7.4.3
[enable] v6.0.0 -> 7.4.3
[disable] v6.0.0 -> 7.4.3
- wisp_algorithm - WISP server selection algorithm. type: str choices: primary-secondary, round-robin, auto-learning
more...
Supported Version Ranges wisp_algorithm v6.0.0 -> 7.4.3
[primary-secondary] v6.0.0 -> 7.4.3
[round-robin] v6.0.0 -> 7.4.3
[auto-learning] v6.0.0 -> 7.4.3
- wisp_servers - WISP servers. type: list member_path: wisp_servers:name
more...
Supported Version Ranges wisp_servers v6.0.0 -> 7.4.3
- name - Server name. Source web-proxy.wisp.name. type: str required: true
more...
Supported Version Ranges name v6.0.0 -> 7.4.3
- youtube_channel_filter - YouTube channel filter. type: list member_path: youtube_channel_filter:id
more...
Supported Version Ranges youtube_channel_filter v6.0.0 -> v6.4.4
- channel_id - YouTube channel ID to be filtered. type: str
more...
Supported Version Ranges channel_id v6.0.0 -> v6.4.4
- comment - Comment. type: str
more...
Supported Version Ranges comment v6.0.0 -> v6.4.4
- id - ID. see Notes. type: int required: true
more...
Supported Version Ranges id v6.0.0 -> v6.4.4
- youtube_channel_status - YouTube channel filter status. type: str choices: disable, blacklist, whitelist
more...
Supported Version Ranges youtube_channel_status v6.0.0 -> v6.4.4
[disable] v6.0.0 -> v6.4.4
[blacklist] v6.0.0 -> v6.4.4
[whitelist] v6.0.0 -> v6.4.4
Note
- Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
- name: Configure Web filter profiles.
fortinet.fortios.fortios_webfilter_profile:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
webfilter_profile:
antiphish:
authentication: "domain-controller"
check_basic_auth: "enable"
check_uri: "enable"
check_username_only: "enable"
custom_patterns:
-
category: "username"
pattern: "<your_own_value>"
type: "regex"
default_action: "exempt"
domain_controller: "<your_own_value> (source user.domain-controller.name credential-store.domain-controller.server-name)"
inspection_entries:
-
action: "exempt"
fortiguard_category: "<your_own_value>"
name: "default_name_17"
ldap: "<your_own_value> (source user.ldap.name)"
max_body_len: "65536"
status: "enable"
comment: "Optional comments."
extended_log: "enable"
feature_set: "flow"
file_filter:
entries:
-
action: "log"
comment: "Comment."
direction: "incoming"
file_type:
-
name: "default_name_30 (source antivirus.filetype.name)"
filter: "<your_own_value>"
password_protected: "yes"
protocol: "http"
log: "enable"
scan_archive_contents: "enable"
status: "enable"
ftgd_wf:
exempt_quota: "<your_own_value>"
filters:
-
action: "block"
auth_usr_grp:
-
name: "default_name_42 (source user.group.name)"
category: "0"
id: "44"
log: "enable"
override_replacemsg: "<your_own_value>"
warn_duration: "<your_own_value>"
warning_duration_type: "session"
warning_prompt: "per-domain"
max_quota_timeout: "300"
options: "error-allow"
ovrd: "<your_own_value>"
quota:
-
category: "<your_own_value>"
duration: "<your_own_value>"
id: "56"
override_replacemsg: "<your_own_value>"
type: "time"
unit: "B"
value: "1024"
rate_crl_urls: "disable"
rate_css_urls: "disable"
rate_image_urls: "disable"
rate_javascript_urls: "disable"
https_replacemsg: "enable"
inspection_mode: "proxy"
log_all_url: "enable"
name: "default_name_68"
options: "activexfilter"
override:
ovrd_cookie: "allow"
ovrd_dur: "<your_own_value>"
ovrd_dur_mode: "constant"
ovrd_scope: "user"
ovrd_user_group:
-
name: "default_name_76 (source user.group.name)"
profile:
-
name: "default_name_78 (source webfilter.profile.name)"
profile_attribute: "User-Name"
profile_type: "list"
ovrd_perm: "bannedword-override"
post_action: "normal"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
url_extraction:
redirect_header: "<your_own_value>"
redirect_no_content: "enable"
redirect_url: "<your_own_value>"
server_fqdn: "<your_own_value>"
status: "enable"
web:
allowlist: "exempt-av"
blacklist: "enable"
blocklist: "enable"
bword_table: "0"
bword_threshold: "10"
content_header_list: "0"
keyword_match:
-
pattern: "<your_own_value>"
log_search: "enable"
safe_search: "url"
urlfilter_table: "0"
vimeo_restrict: "<your_own_value>"
whitelist: "exempt-av"
youtube_restrict: "none"
web_antiphishing_log: "enable"
web_content_log: "enable"
web_extended_all_action_log: "enable"
web_filter_activex_log: "enable"
web_filter_applet_log: "enable"
web_filter_command_block_log: "enable"
web_filter_cookie_log: "enable"
web_filter_cookie_removal_log: "enable"
web_filter_js_log: "enable"
web_filter_jscript_log: "enable"
web_filter_referer_log: "enable"
web_filter_unknown_log: "enable"
web_filter_vbs_log: "enable"
web_flow_log_encoding: "utf-8"
web_ftgd_err_log: "enable"
web_ftgd_quota_usage: "enable"
web_invalid_domain_log: "enable"
web_url_log: "enable"
wisp: "enable"
wisp_algorithm: "primary-secondary"
wisp_servers:
-
name: "default_name_126 (source web-proxy.wisp.name)"
youtube_channel_filter:
-
channel_id: "<your_own_value>"
comment: "Comment."
id: "130"
youtube_channel_status: "disable"
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
- This module is not guaranteed to have a backwards compatible interface.
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
Hint
If you notice any issues in this documentation, you can create a pull request to improve it.