kasperj/chittick_projects
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4f1e8d3adddc8d92a2ba348a7a3b7b0163c451e8
chittick_projects/sophos-xgs-ansible/roles/sophos_waf/tasks/main.yml
Jake Kasper 4f1e8d3add Claude 1
2025-12-09 09:33:48 -06:00

91 lines
3.6 KiB
YAML
Raw Blame History

---
# ============================================================================
# Sophos WAF Role - Main Tasks
# ============================================================================
- name: Display WAF configuration overview
ansible.builtin.debug:
msg:
- "======================================"
- "Configuring Web Application Firewall"
- "======================================"
- "Firewall: {{ inventory_hostname }}"
- "Backends: {{ sophos_waf_backends | default([]) | length }}"
- "Policies: {{ sophos_waf_policies | default([]) | length }}"
- "Virtual Hosts: {{ sophos_waf_virtual_hosts | default([]) | length }}"
- "Exceptions: {{ sophos_waf_exceptions | default([]) | length }}"
tags: ['always']
- name: Configure WAF backend servers
ansible.builtin.uri:
url: "https://{{ sophos_mgmt_host }}:{{ sophos_mgmt_port }}/webconsole/APIController"
method: POST
validate_certs: "{{ sophos_validate_certs }}"
headers:
Content-Type: "application/x-www-form-urlencoded"
body: "reqxml={{ lookup('template', 'waf_backend.json.j2') | urlencode }}"
status_code: [200, 201]
timeout: "{{ sophos_api_timeout }}"
loop: "{{ sophos_waf_backends | default([]) }}"
loop_control:
label: "{{ item.name }}"
when: sophos_waf_backends is defined and sophos_waf_backends | length > 0
no_log: "{{ sophos_no_log_sensitive }}"
tags: ['waf', 'backends']
- name: Configure WAF protection policies
ansible.builtin.uri:
url: "https://{{ sophos_mgmt_host }}:{{ sophos_mgmt_port }}/webconsole/APIController"
method: POST
validate_certs: "{{ sophos_validate_certs }}"
headers:
Content-Type: "application/x-www-form-urlencoded"
body: "reqxml={{ lookup('template', 'waf_policy.json.j2') | urlencode }}"
status_code: [200, 201]
timeout: "{{ sophos_api_timeout }}"
loop: "{{ sophos_waf_policies | default([]) }}"
loop_control:
label: "{{ item.name }}"
when: sophos_waf_policies is defined and sophos_waf_policies | length > 0
no_log: "{{ sophos_no_log_sensitive }}"
tags: ['waf', 'policies']
- name: Configure WAF virtual hosts
ansible.builtin.uri:
url: "https://{{ sophos_mgmt_host }}:{{ sophos_mgmt_port }}/webconsole/APIController"
method: POST
validate_certs: "{{ sophos_validate_certs }}"
headers:
Content-Type: "application/x-www-form-urlencoded"
body: "reqxml={{ lookup('template', 'waf_policy.json.j2') | urlencode }}"
status_code: [200, 201]
timeout: "{{ sophos_api_timeout }}"
loop: "{{ sophos_waf_virtual_hosts | default([]) }}"
loop_control:
label: "{{ item.name }} ({{ item.domain }})"
when: sophos_waf_virtual_hosts is defined and sophos_waf_virtual_hosts | length > 0
no_log: "{{ sophos_no_log_sensitive }}"
tags: ['waf', 'virtual-hosts']
- name: Configure WAF exceptions
ansible.builtin.uri:
url: "https://{{ sophos_mgmt_host }}:{{ sophos_mgmt_port }}/webconsole/APIController"
method: POST
validate_certs: "{{ sophos_validate_certs }}"
headers:
Content-Type: "application/x-www-form-urlencoded"
body: "reqxml={{ lookup('template', 'waf_exception.json.j2') | urlencode }}"
status_code: [200, 201]
timeout: "{{ sophos_api_timeout }}"
loop: "{{ sophos_waf_exceptions | default([]) }}"
loop_control:
label: "{{ item.name }}"
when: sophos_waf_exceptions is defined and sophos_waf_exceptions | length > 0
no_log: "{{ sophos_no_log_sensitive }}"
tags: ['waf', 'exceptions']
- name: WAF configuration completed
ansible.builtin.debug:
msg: "Web Application Firewall configured successfully"
tags: ['always']
Reference in New Issue View Git Blame Copy Permalink