netscaler.adc.appfwprofile module – Configuration for application firewall profile resource.

Note

This module is part of the netscaler.adc collection (version 2.6.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install netscaler.adc.

To use it in a playbook, specify: netscaler.adc.appfwprofile.

New in netscaler.adc 2.0.0

Synopsis

  • Configuration for application firewall profile resource.

Parameters

Parameter

Comments

addcookieflags

any

Add the specified flags to cookies. Available settings function as follows:

* None - Do not add flags to cookies.

* HTTP Only - Add the HTTP Only flag to cookies, which prevents scripts from accessing cookies.

* Secure - Add Secure flag to cookies.

* All - Add both HTTPOnly and Secure flags to cookies.

Choices:

  • "none"

  • "httpOnly"

  • "secure"

  • "all"

api_path

string

Base NITRO API path.

Define this only for an ADM service proxy call.

Default: "nitro/v1/config"

apispec

any

Name of the API Specification.

appfwprofile_appfwconfidfield_binding

dictionary

Bindings for appfwprofile_appfwconfidfield_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_blockkeyword_binding

dictionary

Bindings for appfwprofile_blockkeyword_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_bypasslist_binding

dictionary

Bindings for appfwprofile_bypasslist_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_cmdinjection_binding

dictionary

Bindings for appfwprofile_cmdinjection_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_contenttype_binding

dictionary

Bindings for appfwprofile_contenttype_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_cookieconsistency_binding

dictionary

Bindings for appfwprofile_cookieconsistency_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_creditcardnumber_binding

dictionary

Bindings for appfwprofile_creditcardnumber_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_crosssitescripting_binding

dictionary

Bindings for appfwprofile_crosssitescripting_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_csrftag_binding

dictionary

Bindings for appfwprofile_csrftag_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_denylist_binding

dictionary

Bindings for appfwprofile_denylist_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_denyurl_binding

dictionary

Bindings for appfwprofile_denyurl_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_excluderescontenttype_binding

dictionary

Bindings for appfwprofile_excluderescontenttype_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_fakeaccount_binding

dictionary

Bindings for appfwprofile_fakeaccount_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_fieldconsistency_binding

dictionary

Bindings for appfwprofile_fieldconsistency_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_fieldformat_binding

dictionary

Bindings for appfwprofile_fieldformat_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_fileuploadtype_binding

dictionary

Bindings for appfwprofile_fileuploadtype_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_jsonblockkeyword_binding

dictionary

Bindings for appfwprofile_jsonblockkeyword_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_jsoncmdurl_binding

dictionary

Bindings for appfwprofile_jsoncmdurl_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_jsondosurl_binding

dictionary

Bindings for appfwprofile_jsondosurl_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_jsonsqlurl_binding

dictionary

Bindings for appfwprofile_jsonsqlurl_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_jsonxssurl_binding

dictionary

Bindings for appfwprofile_jsonxssurl_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_logexpression_binding

dictionary

Bindings for appfwprofile_logexpression_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_safeobject_binding

dictionary

Bindings for appfwprofile_safeobject_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_sqlinjection_binding

dictionary

Bindings for appfwprofile_sqlinjection_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_starturl_binding

dictionary

Bindings for appfwprofile_starturl_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_trustedlearningclients_binding

dictionary

Bindings for appfwprofile_trustedlearningclients_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_xmlattachmenturl_binding

dictionary

Bindings for appfwprofile_xmlattachmenturl_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_xmldosurl_binding

dictionary

Bindings for appfwprofile_xmldosurl_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_xmlsqlinjection_binding

dictionary

Bindings for appfwprofile_xmlsqlinjection_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_xmlvalidationurl_binding

dictionary

Bindings for appfwprofile_xmlvalidationurl_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_xmlwsiurl_binding

dictionary

Bindings for appfwprofile_xmlwsiurl_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"

appfwprofile_xmlxss_binding

dictionary

Bindings for appfwprofile_xmlxss_binding resource

binding_members

list / elements=dictionary

List of binding members

Default: []

mode

string

The mode in which to configure the bindings.

If mode is set to desired, the bindings will be added or removed from the target NetScaler ADCs as necessary to match the bindings specified in the state.

If mode is set to bind, the specified bindings will be added to the resource. The existing bindings in the target ADCs will not be modified.

If mode is set to unbind, the specified bindings will be removed from the resource. The existing bindings in the target ADCs will not be modified.

Choices:

  • "desired" ← (default)

  • "bind"

  • "unbind"
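The three binding modes described above, modelled as an added example (not the collection's own code). `plan_bindings` is a hypothetical helper that takes the bindings currently on the ADC and the `binding_members` from the playbook, and returns what each mode would add, remove and leave in place. The `starturl` members and URLs in the sample data are constructed.

```python
import json

MODES = ("desired", "bind", "unbind")


def _key(member):
    """Canonical, hashable form of one binding member (a dictionary)."""
    return json.dumps(member, sort_keys=True)


def plan_bindings(existing, specified, mode="desired"):
    """Return (to_add, to_remove, resulting) lists of binding members.

    Models only the semantics stated in the parameter description:
      desired - add and remove until the ADC matches `specified`
      bind    - add `specified`; other existing bindings are untouched
      unbind  - remove `specified`; other existing bindings are untouched
    """
    if mode not in MODES:
        raise ValueError(f"mode must be one of {MODES}, got {mode!r}")

    have = {_key(m): m for m in existing}
    want = {_key(m): m for m in specified}

    if mode == "desired":
        to_add = [m for k, m in want.items() if k not in have]
        to_remove = [m for k, m in have.items() if k not in want]
    elif mode == "bind":
        to_add = [m for k, m in want.items() if k not in have]
        to_remove = []
    else:  # unbind
        to_add = []
        to_remove = [m for k, m in have.items() if k in want]

    removed = {_key(m) for m in to_remove}
    resulting = [m for k, m in have.items() if k not in removed] + to_add
    return to_add, to_remove, resulting


# Constructed sample: two start-URL relaxations already on the ADC,
# while the playbook lists one of them plus one new entry.
ROOT = {"starturl": "^https://app.example.com/$"}
LEGACY = {"starturl": "^https://app.example.com/legacy/.*$"}
API = {"starturl": "^https://app.example.com/api/.*$"}

ON_ADC = [ROOT, LEGACY]
IN_PLAYBOOK = [ROOT, API]

if __name__ == "__main__":
    for mode in MODES:
        add, remove, result = plan_bindings(ON_ADC, IN_PLAYBOOK, mode)
        print(f"{mode:8} add={len(add)} remove={len(remove)} result={len(result)}")
```

With `desired`, the `LEGACY` relaxation that is absent from the playbook is removed; with `bind` it stays on the ADC, so relaxations added out of band persist until something removes them.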

archivename

string

Source for tar archive.

as_prof_bypass_list_enable

any

Enable bypass list for the profile.

Choices:

  • "ON"

  • "OFF"

as_prof_deny_list_enable

any

Enable deny list for the profile.

Choices:

  • "ON"

  • "OFF"

augment

boolean

Augment Relaxation Rules during import

Choices:

  • false

  • true

blockkeywordaction

any

Block Keyword action. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -blockKeywordAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -blockKeywordAction none”.

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

bufferoverflowaction

any

One or more Buffer Overflow actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -bufferOverflowAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -bufferOverflowAction none”.

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

bufferoverflowmaxcookielength

any

Maximum length, in characters, for cookies sent to your protected web sites. Requests with longer cookies are blocked.

bufferoverflowmaxheaderlength

any

Maximum length, in characters, for HTTP headers in requests sent to your protected web sites. Requests with longer headers are blocked.

bufferoverflowmaxquerylength

any

Maximum length, in bytes, for query string sent to your protected web sites. Requests with longer query strings are blocked.

bufferoverflowmaxtotalheaderlength

any

Maximum length, in bytes, for the total HTTP header length in requests sent to your protected web sites. The minimum value of this and maxHeaderLen in httpProfile will be used. Requests with longer length are blocked.

bufferoverflowmaxurllength

any

Maximum length, in characters, for URLs on your protected web sites. Requests with longer URLs are blocked.

canonicalizehtmlresponse

any

Perform HTML entity encoding for any special characters in responses sent by your protected web sites.

Choices:

  • "ON"

  • "OFF"

ceflogging

any

Enable CEF format logs for the profile.

Choices:

  • "ON"

  • "OFF"

checkrequestheaders

any

Check request headers as well as web forms for injected SQL and cross-site scripts.

Choices:

  • "ON"

  • "OFF"

clientipexpression

any

Expression to get the client IP.

cmdinjectionaction

any

Command injection action. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -cmdInjectionAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -cmdInjectionAction none”.

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

cmdinjectiongrammar

any

Check for CMD injection using CMD grammar

Choices:

  • "ON"

  • "OFF"

cmdinjectiontype

any

Available CMD injection types.

* CMDSplChar - Checks for CMD special characters.

* CMDKeyword - Checks for CMD keywords.

* CMDSplCharANDKeyword - Checks for both and blocks if both are found.

* CMDSplCharORKeyword - Checks for both and blocks if either one is found.

* None - Disables checking using both CMD special characters and keywords.

Choices:

  • "CMDSplChar"

  • "CMDKeyword"

  • "CMDSplCharORKeyword"

  • "CMDSplCharANDKeyword"

  • "None"

comment

any

Any comments about the purpose of profile, or other useful information about the profile.

contenttypeaction

any

One or more Content-type actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Learn - Use the learning engine to generate a list of exceptions to this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -contentTypeaction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -contentTypeaction none”.

Choices:

  • "none"

  • "block"

  • "learn"

  • "log"

  • "stats"

cookieconsistencyaction

any

One or more Cookie Consistency actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Learn - Use the learning engine to generate a list of exceptions to this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -cookieConsistencyAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -cookieConsistencyAction none”.

Choices:

  • "none"

  • "block"

  • "learn"

  • "log"

  • "stats"

cookieencryption

any

Type of cookie encryption. Available settings function as follows:

* None - Do not encrypt cookies.

* Decrypt Only - Decrypt encrypted cookies, but do not encrypt cookies.

* Encrypt Session Only - Encrypt session cookies, but not permanent cookies.

* Encrypt All - Encrypt all cookies.

Choices:

  • "none"

  • "decryptOnly"

  • "encryptSessionOnly"

  • "encryptAll"

cookiehijackingaction

any

One or more actions to prevent cookie hijacking. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

NOTE: The Cookie Hijacking feature is not supported for TLSv1.3.

CLI users: To enable one or more actions, type “set appfw profile -cookieHijackingAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -cookieHijackingAction none”.

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

cookieproxying

any

Cookie proxy setting. Available settings function as follows:

* None - Do not proxy cookies.

* Session Only - Proxy session cookies by using the Citrix ADC session ID, but do not proxy permanent cookies.

Choices:

  • "none"

  • "sessionOnly"

cookiesamesiteattribute

any

SameSite attribute to add to all Set-Cookie headers, including appfw session cookies. Default value will be “SameSite=Lax”.

Choices:

  • "None"

  • "LAX"

  • "STRICT"

cookietransforms

any

Perform the specified type of cookie transformation.

Available settings function as follows:

* Encryption - Encrypt cookies.

* Proxying - Mask contents of server cookies by sending proxy cookie to users.

* Cookie flags - Flag cookies as HTTP only to prevent scripts on user’s browser from accessing and possibly modifying them.

CAUTION: Make sure that this parameter is set to ON if you are configuring any cookie transformations. If it is set to OFF, no cookie transformations are performed regardless of any other settings.

Choices:

  • "ON"

  • "OFF"

creditcard

any

Credit card types that the application firewall should protect.

Choices:

  • "none"

  • "visa"

  • "mastercard"

  • "discover"

  • "amex"

  • "jcb"

  • "dinersclub"

creditcardaction

any

One or more Credit Card actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -creditCardAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -creditCardAction none”.

Choices:

  • "none"

  • "block"

  • "learn"

  • "log"

  • "stats"

creditcardmaxallowed

any

This parameter value is used by the block action. It represents the maximum number of credit card numbers that can appear on a web page served by your protected web sites. Pages that contain more credit card numbers are blocked.

creditcardxout

any

Mask any credit card number detected in a response by replacing each digit, except the digits in the final group, with the letter “X.”

Choices:

  • "ON"

  • "OFF"

crosssitescriptingaction

any

One or more Cross-Site Scripting (XSS) actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Learn - Use the learning engine to generate a list of exceptions to this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -crossSiteScriptingAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -crossSiteScriptingAction none”.

Choices:

  • "none"

  • "block"

  • "learn"

  • "log"

  • "stats"

crosssitescriptingcheckcompleteurls

any

Check complete URLs for cross-site scripts, instead of just the query portions of URLs.

Choices:

  • "ON"

  • "OFF"

crosssitescriptingtransformunsafehtml

any

Transform cross-site scripts. This setting configures the application firewall to disable dangerous HTML instead of blocking the request.

CAUTION: Make sure that this parameter is set to ON if you are configuring any cross-site scripting transformations. If it is set to OFF, no cross-site scripting transformations are performed regardless of any other settings.

Choices:

  • "ON"

  • "OFF"

csrftagaction

any

One or more Cross-Site Request Forgery (CSRF) Tagging actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Learn - Use the learning engine to generate a list of exceptions to this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -CSRFTagAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -CSRFTagAction none”.

Choices:

  • "none"

  • "block"

  • "learn"

  • "log"

  • "stats"

customsettings

string

Object name for custom settings.

This check is applicable to Profile Type: HTML, XML.

defaultcharset

any

Default character set for protected web pages. Web pages sent by your protected web sites in response to user requests are assigned this character set if the page does not already specify a character set. The character sets supported by the application firewall are:

* iso-8859-1 (English US)

* big5 (Chinese Traditional)

* gb2312 (Chinese Simplified)

* sjis (Japanese Shift-JIS)

* euc-jp (Japanese EUC-JP)

* iso-8859-9 (Turkish)

* utf-8 (Unicode)

* euc-kr (Korean)

defaultfieldformatmaxlength

any

Maximum length, in characters, for data entered into a field that is assigned the default field type.

defaultfieldformatminlength

any

Minimum length, in characters, for data entered into a field that is assigned the default field type.

To disable the minimum and maximum length settings and allow data of any length to be entered into the field, set this parameter to zero (0).

defaultfieldformattype

any

Designate a default field type to be applied to web form fields that do not have a field type explicitly assigned to them.

defaults

string

Default configuration to apply to the profile. Basic defaults are intended for standard content that requires little further configuration, such as static web site content. Advanced defaults are intended for specialized content that requires significant specialized configuration, such as heavily scripted or dynamic content.

CLI users: When adding an application firewall profile, you can set either the defaults or the type, but not both. To set both options, create the profile by using the add appfw profile command, and then use the set appfw profile command to configure the other option.

Choices:

  • "basic"

  • "advanced"

  • "core"

  • "cve"

denyurlaction

any

One or more Deny URL actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

NOTE: The Deny URL check takes precedence over the Start URL check. If you enable blocking for the Deny URL check, the application firewall blocks any URL that is explicitly blocked by a Deny URL, even if the same URL would otherwise be allowed by the Start URL check.

CLI users: To enable one or more actions, type “set appfw profile -denyURLaction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -denyURLaction none”.

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

dosecurecreditcardlogging

any

Setting this option logs credit card numbers in the response when the match is found.

Choices:

  • "ON"

  • "OFF"

dynamiclearning

any

One or more security checks. Available options are as follows:

* SQLInjection - Enable dynamic learning for SQLInjection security check.

* CrossSiteScripting - Enable dynamic learning for CrossSiteScripting security check.

* fieldFormat - Enable dynamic learning for fieldFormat security check.

* None - Disable dynamic learning for all security checks.

CLI users: To enable dynamic learning on one or more security checks, type “set appfw profile -dynamicLearning” followed by the security checks to be enabled. To turn off dynamic learning on all security checks, type “set appfw profile -dynamicLearning none”.

Choices:

  • "none"

  • "SQLInjection"

  • "CrossSiteScripting"

  • "fieldFormat"

  • "startURL"

  • "cookieConsistency"

  • "fieldConsistency"

  • "CSRFtag"

  • "ContentType"

enableformtagging

any

Enable tagging of web form fields for use by the Form Field Consistency and CSRF Form Tagging checks.

Choices:

  • "ON"

  • "OFF"

errorurl

any

URL that application firewall uses as the Error URL.

excludefileuploadfromchecks

any

Exclude uploaded files from Form checks.

Choices:

  • "ON"

  • "OFF"

exemptclosureurlsfromsecuritychecks

any

Exempt URLs that pass the Start URL closure check from SQL injection, cross-site script, field format and field consistency security checks at locations other than headers.

Choices:

  • "ON"

  • "OFF"

fakeaccountdetection

any

Fake account detection flag: ON/OFF. If set to ON, fake account detection is enabled on the ADC; if set to OFF, fake account detection is disabled.

Choices:

  • "ON"

  • "OFF"

fieldconsistencyaction

any

One or more Form Field Consistency actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Learn - Use the learning engine to generate a list of exceptions to this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -fieldConsistencyAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -fieldConsistencyAction none”.

Choices:

  • "none"

  • "block"

  • "learn"

  • "log"

  • "stats"

fieldformataction

any

One or more Field Format actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Learn - Use the learning engine to generate a list of suggested web form fields and field format assignments.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -fieldFormatAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -fieldFormatAction none”.

Choices:

  • "none"

  • "block"

  • "learn"

  • "log"

  • "stats"

fileuploadmaxnum

any

Maximum allowed number of file uploads per form-submission request. The maximum setting (65535) allows an unlimited number of uploads.

fileuploadtypesaction

any

One or more file upload types actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -fileUploadTypeAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -fileUploadTypeAction none”.

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

geolocationlogging

any

Enable Geo-Location Logging in CEF format logs for the profile.

Choices:

  • "ON"

  • "OFF"

grpcaction

any

gRPC validation

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

htmlerrorobject

any

Name to assign to the HTML Error Object.

Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the HTML error object is added.

The following requirement applies only to the Citrix ADC CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my HTML error object” or ‘my HTML error object’).

htmlerrorstatuscode

any

Response status code associated with HTML error page. Non-empty HTML error object must be imported to the application firewall profile for the status code.

htmlerrorstatusmessage

any

Response status message associated with HTML error page

importprofilename

string

Name of the profile which will be created/updated to associate the relaxation rules

infercontenttypexmlpayloadaction

any

One or more infer content type payload actions. Available settings function as follows:

* Block - Block connections that have mismatch in content-type header and payload.

* Log - Log connections that have mismatch in content-type header and payload. The mismatched content-type in HTTP request header will be logged for the request.

* Stats - Generate statistics when there is mismatch in content-type header and payload.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -inferContentTypeXMLPayloadAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -inferContentTypeXMLPayloadAction none”. Please note that the “none” action cannot be used with any other action type.

Choices:

  • "block"

  • "log"

  • "stats"

  • "none"

insertcookiesamesiteattribute

any

Configure whether application firewall should add samesite attribute for set-cookies

Choices:

  • "ON"

  • "OFF"

inspectcontenttypes

any

One or more InspectContentType lists.

* application/x-www-form-urlencoded

* multipart/form-data

* text/x-gwt-rpc

CLI users: To enable, type “set appfw profile -InspectContentTypes” followed by the content types to be inspected.

Choices:

  • "none"

  • "application/x-www-form-urlencoded"

  • "multipart/form-data"

  • "text/x-gwt-rpc"

  • "application/grpc"

  • "application/grpc-web+json"

  • "application/grpc-web-text"

inspectquerycontenttypes

any

Inspect request query as well as web forms for injected SQL and cross-site scripts for following content types.

Choices:

  • "HTML"

  • "XML"

  • "JSON"

  • "OTHER"

invalidpercenthandling

any

Configure the method that the application firewall uses to handle percent-encoded names and values. Available settings function as follows:

* asp_mode - Microsoft ASP format.

* secure_mode - Secure format.

Choices:

  • "asp_mode"

  • "secure_mode"

jsonblockkeywordaction

any

JSON Block Keyword action. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -JSONBlockKeywordAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -JSONBlockKeywordAction none”.

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

jsoncmdinjectionaction

any

One or more JSON CMD Injection actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -JSONCMDInjectionAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -JSONCMDInjectionAction none”.

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

jsoncmdinjectiongrammar

any

Check for CMD injection using CMD grammar in JSON

Choices:

  • "ON"

  • "OFF"

jsoncmdinjectiontype

any

Available CMD injection types.

* CMDSplChar - Checks for CMD special characters.

* CMDKeyword - Checks for CMD keywords.

* CMDSplCharANDKeyword - Checks for both and blocks if both are found.

* CMDSplCharORKeyword - Checks for both and blocks if either one is found.

* None - Disables checking using both CMD special characters and keywords.

Choices:

  • "CMDSplChar"

  • "CMDKeyword"

  • "CMDSplCharORKeyword"

  • "CMDSplCharANDKeyword"

  • "None"

jsondosaction

any

One or more JSON Denial-of-Service (JsonDoS) actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -JSONDoSAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -JSONDoSAction none”.

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

jsonerrorobject

any

Name of the imported JSON Error Object to be set on the application firewall profile.

The following requirement applies only to the Citrix ADC CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my JSON error object” or ‘my JSON error object’).

jsonerrorstatuscode

any

Response status code associated with JSON error page. Non-empty JSON error object must be imported to the application firewall profile for the status code.

jsonerrorstatusmessage

any

Response status message associated with JSON error page

jsonsqlinjectionaction

any

One or more JSON SQL Injection actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -JSONSQLInjectionAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -JSONSQLInjectionAction none”.

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

jsonsqlinjectiongrammar

any

Check for SQL injection using SQL grammar in JSON

Choices:

  • "ON"

  • "OFF"

jsonsqlinjectiontype

any

Available SQL injection types.

* SQLSplChar - Checks for SQL special characters.

* SQLKeyword - Checks for SQL keywords.

* SQLSplCharANDKeyword - Checks for both and blocks if both are found.

* SQLSplCharORKeyword - Checks for both and blocks if either one is found.

* None - Disables checking using both SQL special characters and keywords.

Choices:

  • "SQLSplChar"

  • "SQLKeyword"

  • "SQLSplCharORKeyword"

  • "SQLSplCharANDKeyword"

  • "None"

jsonxssaction

any

One or more JSON Cross-Site Scripting actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -JSONXssAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -JSONXssAction none”.

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

logeverypolicyhit

any

Log every profile match, regardless of security checks results.

Choices:

  • "ON"

  • "OFF"

managed_netscaler_instance_id

string

added in netscaler.adc 2.6.0

The ID of the managed NetScaler instance to which NetScaler Console has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_ip

string

added in netscaler.adc 2.6.0

The IP of the managed NetScaler instance to which NetScaler Console has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_name

string

added in netscaler.adc 2.6.0

The name of the managed NetScaler instance to which NetScaler Console has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_password

string

added in netscaler.adc 2.6.0

The password of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings, if you select Prompt Credentials for Instance Login, be sure to configure the username and password of a managed instance.

managed_netscaler_instance_username

string

added in netscaler.adc 2.6.0

The username of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings, if you select Prompt Credentials for Instance Login, be sure to configure the username and password of a managed instance.

matchurlstring

string

Match this action url in archived Relaxation Rules to replace.

multipleheaderaction

any

One or more multiple header actions. Available settings function as follows:

* Block - Block connections that have multiple headers.

* Log - Log connections that have multiple headers.

* KeepLast - Keep only last header when multiple headers are present.

Request headers inspected:

* Accept-Encoding

* Content-Encoding

* Content-Range

* Content-Type

* Host

* Range

* Referer

CLI users: To enable one or more actions, type “set appfw profile -multipleHeaderAction” followed by the actions to be enabled.

Choices:

  • "block"

  • "keepLast"

  • "log"

  • "none"

name

any

Name for the profile. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore (_) characters. Cannot be changed after the profile is added.

The following requirement applies only to the Citrix ADC CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my profile” or ‘my profile’).

netscaler_console_as_proxy_server

boolean

added in netscaler.adc 2.6.0

The IP address of the NetScaler ADC appliance acting as a proxy server.

Define only in case of an ADM service proxy call

Choices:

  • false ← (default)

  • true

nitro_auth_token

string

The authentication token provided by a login operation.

nitro_pass

string

The password with which to authenticate to the NetScaler ADC node.

nitro_protocol

string

Which protocol to use when accessing the nitro API objects.

Choices:

  • "http"

  • "https" ← (default)

nitro_user

string

The username with which to authenticate to the NetScaler ADC node.

nsip

string / required

The IP address of the NetScaler ADC appliance where the NITRO API calls will be made.

The port can be specified with the colon (:). E.g. 192.168.1.1:555.

optimizepartialreqs

any

Optimize handling of HTTP partial requests, i.e. those with Range headers.

Available settings are as follows:

* ON - Partial requests by the client result in partial requests to the backend server in most cases.

* OFF - Partial requests by the client are changed to full requests to the backend server.

Choices:

  • "ON"

  • "OFF"

overwrite

boolean

Purge existing Relaxation Rules and replace during import

Choices:

  • false

  • true

percentdecoderecursively

any

Configure whether the application firewall should decode percent-encoded values recursively.

Choices:

  • "ON"

  • "OFF"

postbodylimit

any

Maximum allowed HTTP post body size, in bytes. Maximum supported value is 10GB. Citrix recommends enabling streaming option for large values of post body limit (>20MB).

postbodylimitaction

any

One or more Post Body Limit actions. Available settings function as follows:

* Block - Block connections that violate this security check. Must always be set.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

CLI users: To enable one or more actions, type “set appfw profile -PostBodyLimitAction block” followed by the other actions to be enabled.

Choices:

  • "block"

  • "log"

  • "stats"

postbodylimitsignature

any

Maximum allowed HTTP post body size for signature inspection for location HTTP_POST_BODY in the signatures, in bytes. Note that the changes in value could impact CPU and latency profile.

protofileobject

any

Name of the imported proto file.

refererheadercheck

any

Enable validation of Referer headers.

Referer validation ensures that a web form that a user sends to your web site originally came from your web site, not an outside attacker.

Although this parameter is part of the Start URL check, referer validation protects against cross-site request forgery (CSRF) attacks, not Start URL attacks.

Choices:

  • "OFF"

  • "if_present"

  • "AlwaysExceptStartURLs"

  • "AlwaysExceptFirstRequest"

relaxationrules

boolean

Import all appfw relaxation rules

Choices:

  • false

  • true

replaceurlstring

string

Replace matched url string with this action url string while restoring Relaxation Rules

requestcontenttype

any

Default Content-Type header for requests.

A Content-Type header can contain 0-255 letters, numbers, and the hyphen (-) and underscore (_) characters.

responsecontenttype

any

Default Content-Type header for responses.

A Content-Type header can contain 0-255 letters, numbers, and the hyphen (-) and underscore (_) characters.

restaction

any

REST validation

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

rfcprofile

any

Object name of the rfc profile.

save_config

boolean

If true the module will save the configuration on the NetScaler ADC node if it makes any changes.

The module will not save the configuration on the NetScaler ADC node if it made no changes.

Choices:

  • false ← (default)

  • true

semicolonfieldseparator

any

Allow ‘;’ as a form field separator in URL queries and POST form bodies.

Choices:

  • "ON"

  • "OFF"

sessioncookiename

any

Name of the session cookie that the application firewall uses to track user sessions.

Must begin with a letter or number, and can consist of from 1 to 31 letters, numbers, and the hyphen (-) and underscore (_) symbols.

The following requirement applies only to the Citrix ADC CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my cookie name” or ‘my cookie name’).

sessionlessfieldconsistency

any

Perform sessionless Field Consistency Checks.

Choices:

  • "OFF"

  • "ON"

  • "postOnly"

sessionlessurlclosure

any

Enable sessionless URL Closure Checks.

This check is applicable to Profile Type: HTML.

Choices:

  • "ON"

  • "OFF"

signatures

any

Object name for signatures.

This check is applicable to Profile Type: HTML, XML.

sqlinjectionaction

any

One or more HTML SQL Injection actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Learn - Use the learning engine to generate a list of exceptions to this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -SQLInjectionAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -SQLInjectionAction none”.

Choices:

  • "none"

  • "block"

  • "learn"

  • "log"

  • "stats"

sqlinjectionchecksqlwildchars

any

Check for form fields that contain SQL wildcard characters.

Choices:

  • "ON"

  • "OFF"

sqlinjectiongrammar

any

Check for SQL injection using SQL grammar

Choices:

  • "ON"

  • "OFF"

sqlinjectiononlycheckfieldswithsqlchars

any

Check only form fields that contain SQL special strings (characters) for injected SQL code.

Most SQL servers require a special string to activate an SQL request, so SQL code without a special string is harmless to most SQL servers.

Choices:

  • "ON"

  • "OFF"

sqlinjectionparsecomments

any

Parse HTML comments and exempt them from the HTML SQL Injection check. You must specify the type of comments that the application firewall is to detect and exempt from this security check. Available settings function as follows:

* Check all - Check all content.

* ANSI - Exempt content that is part of an ANSI (Mozilla-style) comment.

* Nested - Exempt content that is part of a nested (Microsoft-style) comment.

* ANSI Nested - Exempt content that is part of any type of comment.

Choices:

  • "checkall"

  • "ansi"

  • "nested"

  • "ansinested"

sqlinjectionruletype

any

Specifies SQL Injection rule type: ALLOW/DENY. If ALLOW rule type is configured then allow list rules are used, if DENY rule type is configured then deny rules are used.

Choices:

  • "ALLOW"

  • "DENY"

sqlinjectiontransformspecialchars

any

Transform injected SQL code. This setting configures the application firewall to disable SQL special strings instead of blocking the request. Since most SQL servers require a special string to activate an SQL keyword, in most cases a request that contains injected SQL code is safe if special strings are disabled.

CAUTION: Make sure that this parameter is set to ON if you are configuring any SQL injection transformations. If it is set to OFF, no SQL injection transformations are performed regardless of any other settings.

Choices:

  • "ON"

  • "OFF"

sqlinjectiontype

any

Available SQL injection types.

* SQLSplChar - Checks for SQL special characters.

* SQLKeyword - Checks for SQL keywords.

* SQLSplCharANDKeyword - Checks for both and blocks if both are found.

* SQLSplCharORKeyword - Checks for both and blocks if either one is found.

* None - Disables checking using both SQL special characters and keywords.

Choices:

  • "SQLSplChar"

  • "SQLKeyword"

  • "SQLSplCharORKeyword"

  • "SQLSplCharANDKeyword"

  • "None"

starturlaction

any

One or more Start URL actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Learn - Use the learning engine to generate a list of exceptions to this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -startURLaction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -startURLaction none”.

Choices:

  • "none"

  • "block"

  • "learn"

  • "log"

  • "stats"

starturlclosure

any

Toggle the state of Start URL Closure.

Choices:

  • "ON"

  • "OFF"

state

string

The state of the resource being configured by the module on the NetScaler ADC node.

When present, the resource will be added or updated according to the module’s parameters.

When absent, the resource will be deleted from the NetScaler ADC node.

When unset, the resource will be unset on the NetScaler ADC node.

Choices:

  • "present" ← (default)

  • "absent"

  • "unset"

streaming

any

Setting this option converts content-length form submission requests (requests with content-type “application/x-www-form-urlencoded” or “multipart/form-data”) to chunked requests when at least one of the following protections is enabled: Signatures, SQL injection protection, XSS protection, form field consistency protection, starturl closure, CSRF tagging, JSON SQL, JSON XSS, JSON DOS. Please make sure that the backend server accepts chunked requests before enabling this option. Citrix recommends enabling this option for large request sizes (>20MB).

Choices:

  • "ON"

  • "OFF"

stripcomments

string

Strip HTML comments.

This check is applicable to Profile Type: HTML.

Choices:

  • "ON"

  • "OFF"

striphtmlcomments

any

Strip HTML comments before forwarding a web page sent by a protected web site in response to a user request.

Choices:

  • "none"

  • "all"

  • "exclude_script_tag"

stripxmlcomments

any

Strip XML comments before forwarding a web page sent by a protected web site in response to a user request.

Choices:

  • "none"

  • "all"

trace

any

Toggle the state of trace

Choices:

  • "ON"

  • "OFF"

type

any

Application firewall profile type, which controls which security checks and settings are applied to content that is filtered with the profile. Available settings function as follows:

* HTML - HTML-based web sites.

* XML - XML-based web sites and services.

* JSON - JSON-based web sites and services.

* HTML XML (Web 2.0) - Sites that contain both HTML and XML content, such as ATOM feeds, blogs, and RSS feeds.

* HTML JSON - Sites that contain both HTML and JSON content.

* XML JSON - Sites that contain both XML and JSON content.

* HTML XML JSON - Sites that contain HTML, XML and JSON content.

Choices:

  • "HTML"

  • "XML"

  • "JSON"

urldecoderequestcookies

any

URL Decode request cookies before subjecting them to SQL and cross-site scripting checks.

Choices:

  • "ON"

  • "OFF"

usehtmlerrorobject

any

Send an imported HTML Error object to a user when a request is blocked, instead of redirecting the user to the designated Error URL.

Choices:

  • "ON"

  • "OFF"

validate_certs

boolean

If false, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

verboseloglevel

any

Detailed Logging Verbose Log Level.

Choices:

  • "pattern"

  • "patternPayload"

  • "patternPayloadHeader"

xmlattachmentaction

any

One or more XML Attachment actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Learn - Use the learning engine to generate a list of exceptions to this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -XMLAttachmentAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -XMLAttachmentAction none”.

Choices:

  • "none"

  • "block"

  • "learn"

  • "log"

  • "stats"

xmldosaction

any

One or more XML Denial-of-Service (XDoS) actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Learn - Use the learning engine to generate a list of exceptions to this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -XMLDoSAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -XMLDoSAction none”.

Choices:

  • "none"

  • "block"

  • "learn"

  • "log"

  • "stats"

xmlerrorobject

any

Name to assign to the XML Error Object, which the application firewall displays when a user request is blocked.

Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the XML error object is added.

The following requirement applies only to the Citrix ADC CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my XML error object” or ‘my XML error object’).

xmlerrorstatuscode

any

Response status code associated with the XML error page. A non-empty XML error object must be imported to the application firewall profile for the status code.

xmlerrorstatusmessage

any

Response status message associated with the XML error page.

xmlformataction

any

One or more XML Format actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -XMLFormatAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -XMLFormatAction none”.

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

xmlsoapfaultaction

any

One or more XML SOAP Fault Filtering actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

* Remove - Remove all violations for this security check.

CLI users: To enable one or more actions, type “set appfw profile -XMLSOAPFaultAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -XMLSOAPFaultAction none”.

Choices:

  • "none"

  • "block"

  • "log"

  • "remove"

  • "stats"

xmlsqlinjectionaction

any

One or more XML SQL Injection actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -XMLSQLInjectionAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -XMLSQLInjectionAction none”.

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

xmlsqlinjectionchecksqlwildchars

any

Check for form fields that contain SQL wildcard characters.

Choices:

  • "ON"

  • "OFF"

xmlsqlinjectiononlycheckfieldswithsqlchars

any

Check only form fields that contain SQL special characters, which most SQL servers require before accepting an SQL command, for injected SQL.

Choices:

  • "ON"

  • "OFF"

xmlsqlinjectionparsecomments

any

Parse comments in XML data and exempt those sections of the request that are comments from the XML SQL Injection check. You must configure the type of comments that the application firewall is to detect and exempt from this security check. Available settings function as follows:

* Check all - Check all content.

* ANSI - Exempt content that is part of an ANSI (Mozilla-style) comment.

* Nested - Exempt content that is part of a nested (Microsoft-style) comment.

* ANSI Nested - Exempt content that is part of any type of comment.

Choices:

  • "checkall"

  • "ansi"

  • "nested"

  • "ansinested"

xmlsqlinjectiontype

any

Available SQL injection types.

* SQLSplChar - Checks for SQL special characters.

* SQLKeyword - Checks for SQL keywords.

* SQLSplCharANDKeyword - Checks for both and blocks if both are found.

* SQLSplCharORKeyword - Checks for both and blocks if either is found.

Choices:

  • "SQLSplChar"

  • "SQLKeyword"

  • "SQLSplCharORKeyword"

  • "SQLSplCharANDKeyword"

  • "None"

xmlvalidationaction

any

One or more XML Validation actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -XMLValidationAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -XMLValidationAction none”.

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

xmlwsiaction

any

One or more Web Services Interoperability (WSI) actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Learn - Use the learning engine to generate a list of exceptions to this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -XMLWSIAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -XMLWSIAction none”.

Choices:

  • "none"

  • "block"

  • "learn"

  • "log"

  • "stats"

xmlxssaction

any

One or more XML Cross-Site Scripting actions. Available settings function as follows:

* Block - Block connections that violate this security check.

* Log - Log violations of this security check.

* Stats - Generate statistics for this security check.

* None - Disable all actions for this security check.

CLI users: To enable one or more actions, type “set appfw profile -XMLXSSAction” followed by the actions to be enabled. To turn off all actions, type “set appfw profile -XMLXSSAction none”.

Choices:

  • "none"

  • "block"

  • "learn"

  • "log"

  • "stats"

Examples
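
The playbook below is an added example, not taken from the collection's own documentation. It configures an XML profile with the XML checks documented above set to block, log and count violations. The connection options (`nsip`, `nitro_user`, `nitro_pass`) and `name` are assumed from the collection's common options rather than from this section, the profile name and variable names are placeholders, and passing the multi-valued settings as YAML lists is an assumption.

```yaml
---
- name: Configure an application firewall profile for an XML service
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Ensure the XML profile exists with blocking and logging enabled
      netscaler.adc.appfwprofile:
        # Connection options (assumed from the collection's common options;
        # the variable names are placeholders).
        nsip: "{{ nsip }}"
        nitro_user: "{{ nitro_user }}"
        nitro_pass: "{{ nitro_pass }}"
        validate_certs: true   # the default; keeps certificate validation on

        state: present
        name: example_xml_profile   # placeholder profile name
        type:
          - XML

        # Block, log and count violations of the XML security checks.
        xmlsqlinjectionaction: [block, log, stats]
        # Block only when both a special character and a keyword are found.
        xmlsqlinjectiontype: SQLSplCharANDKeyword
        xmlxssaction: [block, log, stats]
        xmldosaction: [block, log, stats]
        xmlformataction: [block, log, stats]

        # Strip XML comments from responses before they are forwarded.
        stripxmlcomments: all
      register: result

    - name: Show the differences the module reported
      ansible.builtin.debug:
        var: result.diff_list
      when: result.changed
```

Replacing `block` with only `log` and `stats` on each action lets the checks be observed against real traffic before enforcement is turned on.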


Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

changed

boolean

Indicates whether the module made any change

Returned: always

Sample: true

diff

dictionary

Dictionary of before and after changes

Returned: always

Sample: {"after": {"key2": "pqr"}, "before": {"key1": "xyz"}, "prepared": "changes done"}

diff_list

list / elements=string

List of differences between the actual configured object and the configuration specified in the module

Returned: when changed

Sample: ["Attribute `key1` differs. Desired: (<class 'str'>) XYZ. Existing: (<class 'str'>) PQR"]

failed

boolean

Indicates if the module failed or not

Returned: always

Sample: false

loglines

list / elements=string

List of messages logged by the module

Returned: always

Sample: ["message 1", "message 2"]

Authors

  • Sumanth Lingappa (@sumanth-lingappa)