fortios_webfilter - Configure webfilter capabilities of FortiGate and FortiOS.¶
New in version 2.6.
Synopsis¶
- This module is able to configure a FortiGate or FortiOS by allowing the user to configure webfilter feature. For now it is able to handle url and content filtering capabilities. The module uses FortiGate REST API internally to configure the device.
Requirements¶
The below requirements are needed on the host that executes this module.
- fortiosapi>=0.9.8
Parameters¶
| Parameter | Choices/Defaults | Comments | ||
|---|---|---|---|---|
|
host
required |
FortiOS or FortiGate ip adress.
|
|||
| password |
Default: |
FortiOS or FortiGate password.
|
||
|
username
required |
FortiOS or FortiGate username.
|
|||
| vdom |
Default: root
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
||
| webfilter_content |
Default: None
|
Container for a group of content-filtering entries that the FortiGate must act upon
|
||
| comment |
Default: None
|
Optional comments.
|
||
|
state
required |
|
Configures the intended state of this object on the FortiGate. When this value is set to present, the object is configured on the device and when this value is set to absent the object is removed from the device.
|
||
|
id
required |
Id of content-filter list.
|
|||
| name |
Name of content-filter list.
|
|||
| entries |
Default: []
|
Content filter entries.
|
||
|
status
required |
|
Enable/disable banned word.
|
||
|
lang
required |
|
Language of banned word.
|
||
|
pattern-type
required |
|
Banned word pattern type. It can be a wildcard pattern or Perl regular expression.
|
||
|
name
required |
Banned word.
|
|||
|
action
required |
|
Block or exempt word when a match is found.
|
||
|
score
required |
Score, to be applied every time the word appears on a web page.
|
|||
| webfilter_url |
Default: None
|
Container for a group of url entries that the FortiGate must act upon
|
||
| comment |
Default: None
|
Optional comments.
|
||
|
state
required |
|
Configures the intended state of this object on the FortiGate. When this value is set to present, the object is configured on the device and when this value is set to absent the object is removed from the device.
|
||
| one-arm-ips-urlfilter |
|
Enable/disable DNS resolver for one-arm IPS URL filter operation.
|
||
| ip-addr-block |
|
Enable/disable blocking URLs when the hostname appears as an IP address.
|
||
|
name
required |
Name of URL filter list.
|
|||
| entries |
Default: []
|
URL filter entries.
|
||
|
status
required |
|
Enable/disable this URL filter.
|
||
|
web-proxy-profile
required |
Web proxy profile.
|
|||
|
referrer-host
required |
Referrer host name.
|
|||
|
url
required |
URL to be filtered.
|
|||
|
exempt
required |
|
If action is set to exempt, select the security profile operations that exempt URLs skip. Separate multiple options with a space.
|
||
|
action
required |
|
Action to take for URL filter matches.
|
||
|
type
required |
|
Filter type (simple, regex, or wildcard).
|
||
|
id
required |
Id of URL.
|
|||
|
id
required |
Id of URL filter list.
|
|||
Notes¶
Note
- Requires fortiosapi library developed by Fortinet
- Run as a local_action in your playbook
Examples¶
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure url to be filtered by fortigate
fortios_webfilter:
host: "{{ host }}"
username: "{{ username}}"
password: "{{ password }}"
vdom: "{{ vdom }}"
webfilter_url:
state: "present"
id: "1"
name: "default"
comment: "mycomment"
one-arm-ips-url-filter: "disable"
ip-addr-block: "disable"
entries:
- id: "1"
url: "www.test1.com"
type: "simple"
action: "exempt"
status: "enable"
exempt: "pass"
web-proxy-profile: ""
referrrer-host: ""
- id: "2"
url: "www.test2.com"
type: "simple"
action: "exempt"
status: "enable"
exempt: "pass"
web-proxy-profile: ""
referrrer-host: ""
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure web content filtering in fortigate
fortios_webfilter:
host: "{{ host }}"
username: "{{ username}}"
password: "{{ password }}"
vdom: "{{ vdom }}"
webfilter_content:
id: "1"
name: "default"
comment: ""
entries:
- name: "1"
pattern-type: "www.test45.com"
status: "enable"
lang: "western"
score: 40
action: "block"
- name: "2"
pattern-type: "www.test46.com"
status: "enable"
lang: "western"
score: 42
action: "block"
state: "present"
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
|
http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
|
http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
|
mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
key1
|
|
name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
|
path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
|
revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
|
serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
|
status
string
|
always |
Indication of the operation's result
Sample:
success
|
|
vdom
string
|
always |
Virtual domain used
Sample:
root
|
|
version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Status¶
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Maintenance¶
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
Author¶
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
Hint
If you notice any issues in this documentation you can edit this document to improve it.