Claude 1

sophos-xgs-ansible/roles/sophos_waf/tasks/main.yml

@@ -0,0 +1,90 @@
+---
+# ============================================================================
+# Sophos WAF Role - Main Tasks
+# ============================================================================
+
+- name: Display WAF configuration overview
+  ansible.builtin.debug:
+    msg:
+      - "======================================"
+      - "Configuring Web Application Firewall"
+      - "======================================"
+      - "Firewall: {{ inventory_hostname }}"
+      - "Backends: {{ sophos_waf_backends | default([]) | length }}"
+      - "Policies: {{ sophos_waf_policies | default([]) | length }}"
+      - "Virtual Hosts: {{ sophos_waf_virtual_hosts | default([]) | length }}"
+      - "Exceptions: {{ sophos_waf_exceptions | default([]) | length }}"
+  tags: ['always']
+
+- name: Configure WAF backend servers
+  ansible.builtin.uri:
+    url: "https://{{ sophos_mgmt_host }}:{{ sophos_mgmt_port }}/webconsole/APIController"
+    method: POST
+    validate_certs: "{{ sophos_validate_certs }}"
+    headers:
+      Content-Type: "application/x-www-form-urlencoded"
+    body: "reqxml={{ lookup('template', 'waf_backend.json.j2') | urlencode }}"
+    status_code: [200, 201]
+    timeout: "{{ sophos_api_timeout }}"
+  loop: "{{ sophos_waf_backends | default([]) }}"
+  loop_control:
+    label: "{{ item.name }}"
+  when: sophos_waf_backends is defined and sophos_waf_backends | length > 0
+  no_log: "{{ sophos_no_log_sensitive }}"
+  tags: ['waf', 'backends']
+
+- name: Configure WAF protection policies
+  ansible.builtin.uri:
+    url: "https://{{ sophos_mgmt_host }}:{{ sophos_mgmt_port }}/webconsole/APIController"
+    method: POST
+    validate_certs: "{{ sophos_validate_certs }}"
+    headers:
+      Content-Type: "application/x-www-form-urlencoded"
+    body: "reqxml={{ lookup('template', 'waf_policy.json.j2') | urlencode }}"
+    status_code: [200, 201]
+    timeout: "{{ sophos_api_timeout }}"
+  loop: "{{ sophos_waf_policies | default([]) }}"
+  loop_control:
+    label: "{{ item.name }}"
+  when: sophos_waf_policies is defined and sophos_waf_policies | length > 0
+  no_log: "{{ sophos_no_log_sensitive }}"
+  tags: ['waf', 'policies']
+
+- name: Configure WAF virtual hosts
+  ansible.builtin.uri:
+    url: "https://{{ sophos_mgmt_host }}:{{ sophos_mgmt_port }}/webconsole/APIController"
+    method: POST
+    validate_certs: "{{ sophos_validate_certs }}"
+    headers:
+      Content-Type: "application/x-www-form-urlencoded"
+    body: "reqxml={{ lookup('template', 'waf_policy.json.j2') | urlencode }}"
+    status_code: [200, 201]
+    timeout: "{{ sophos_api_timeout }}"
+  loop: "{{ sophos_waf_virtual_hosts | default([]) }}"
+  loop_control:
+    label: "{{ item.name }} ({{ item.domain }})"
+  when: sophos_waf_virtual_hosts is defined and sophos_waf_virtual_hosts | length > 0
+  no_log: "{{ sophos_no_log_sensitive }}"
+  tags: ['waf', 'virtual-hosts']
+
+- name: Configure WAF exceptions
+  ansible.builtin.uri:
+    url: "https://{{ sophos_mgmt_host }}:{{ sophos_mgmt_port }}/webconsole/APIController"
+    method: POST
+    validate_certs: "{{ sophos_validate_certs }}"
+    headers:
+      Content-Type: "application/x-www-form-urlencoded"
+    body: "reqxml={{ lookup('template', 'waf_exception.json.j2') | urlencode }}"
+    status_code: [200, 201]
+    timeout: "{{ sophos_api_timeout }}"
+  loop: "{{ sophos_waf_exceptions | default([]) }}"
+  loop_control:
+    label: "{{ item.name }}"
+  when: sophos_waf_exceptions is defined and sophos_waf_exceptions | length > 0
+  no_log: "{{ sophos_no_log_sensitive }}"
+  tags: ['waf', 'exceptions']
+
+- name: WAF configuration completed
+  ansible.builtin.debug:
+    msg: "Web Application Firewall configured successfully"
+  tags: ['always']