netscaler.adc.appfwsettings module – Configuration for AS settings resource.

Note

This module is part of the netscaler.adc collection (version 2.6.2).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install netscaler.adc.

To use it in a playbook, specify: netscaler.adc.appfwsettings.

New in netscaler.adc 2.0.0

Synopsis

  • Configuration for AS settings resource.

Parameters

Parameter

Comments

api_path

string

Base NITRO API path.

Define only in case of an ADM service proxy call

Default: "nitro/v1/config"

ceflogging

string

Enable CEF format logs.

Choices:

  • "ON"

  • "OFF"

centralizedlearning

string

Flag used to enable/disable ADM centralized learning

Choices:

  • "ON"

  • "OFF"

clientiploggingheader

string

Name of an HTTP header that contains the IP address that the client used to connect to the protected web site or service.

cookieflags

string

Add the specified flags to AppFW cookies. Available setttings function as follows:

* None - Do not add flags to AppFW cookies.

* HTTP Only - Add the HTTP Only flag to AppFW cookies, which prevent scripts from accessing them.

* Secure - Add Secure flag to AppFW cookies.

* All - Add both HTTPOnly and Secure flag to AppFW cookies.

Choices:

  • "none"

  • "httpOnly"

  • "secure"

  • "all"

cookiepostencryptprefix

string

String that is prepended to all encrypted cookie values.

defaultprofile

string

Profile to use when a connection does not match any policy. Default setting is APPFW_BYPASS, which sends unmatched connections back to the Citrix ADC without attempting to filter them further.

entitydecoding

string

Transform multibyte (double- or half-width) characters to single width characters.

Choices:

  • "ON"

  • "OFF"

geolocationlogging

string

Enable Geo-Location Logging in CEF format logs.

Choices:

  • "ON"

  • "OFF"

importsizelimit

float

Maximum cumulative size in bytes of all objects imported to Netscaler. The user is not allowed to import an object if the operation exceeds the currently configured limit.

learnratelimit

float

Maximum number of connections per second that the application firewall learning engine examines to generate new relaxations for learning-enabled security checks. The application firewall drops any connections above this limit from the list of connections used by the learning engine.

logmalformedreq

string

Log requests that are so malformed that application firewall parsing doesn’t occur.

Choices:

  • "ON"

  • "OFF"

malformedreqaction

list / elements=string

flag to define action on malformed requests that application firewall cannot parse

Choices:

  • "none"

  • "block"

  • "log"

  • "stats"

managed_netscaler_instance_id

string

added in netscaler.adc 2.6.0

The ID of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_ip

string

added in netscaler.adc 2.6.0

The IP of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_name

string

added in netscaler.adc 2.6.0

The name of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_password

string

added in netscaler.adc 2.6.0

The password of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

managed_netscaler_instance_username

string

added in netscaler.adc 2.6.0

The username of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

netscaler_console_as_proxy_server

boolean

added in netscaler.adc 2.6.0

The IP address of the NetScaler ADC appliance acting as a proxy server.

Define only in case of an ADM service proxy call

Choices:

  • false ← (default)

  • true

nitro_auth_token

string

The authentication token provided by a login operation.

nitro_pass

string

The password with which to authenticate to the NetScaler ADC node.

nitro_protocol

string

Which protocol to use when accessing the nitro API objects.

Choices:

  • "http"

  • "https" ← (default)

nitro_user

string

The username with which to authenticate to the NetScaler ADC node.

nsip

string / required

The ip address of the NetScaler ADC appliance where the nitro API calls will be made.

The port can be specified with the colon (:). E.g. 192.168.1.1:555.

proxypassword

string

Password with which proxy user logs on.

proxyport

integer

Proxy Server Port to get updated signatures from AWS.

proxyserver

string

Proxy Server IP to get updated signatures from AWS.

proxyusername

string

Proxy Username

save_config

boolean

If true the module will save the configuration on the NetScaler ADC node if it makes any changes.

The module will not save the configuration on the NetScaler ADC node if it made no changes.

Choices:

  • false ← (default)

  • true

sessioncookiename

string

Name of the session cookie that the application firewall uses to track user sessions.

Must begin with a letter or number, and can consist of from 1 to 31 letters, numbers, and the hyphen (-) and underscore (_) symbols.

The following requirement applies only to the Citrix ADC CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my cookie name” or ‘my cookie name’).

sessionlifetime

float

Maximum amount of time (in seconds) that the application firewall allows a user session to remain active, regardless of user activity. After this time, the user session is terminated. Before continuing to use the protected web site, the user must establish a new session by opening a designated start URL. A value of 0 represents infinite time.

sessionlimit

float

Maximum number of sessions that the application firewall allows to be active, regardless of user activity. After the max_limit reaches, No more user session will be created .

sessiontimeout

float

Timeout, in seconds, after which a user session is terminated. Before continuing to use the protected web site, the user must establish a new session by opening a designated start URL.

signatureautoupdate

string

Flag used to enable/disable auto update signatures

Choices:

  • "ON"

  • "OFF"

signatureurl

string

URL to download the mapping file from server

state

string

The state of the resource being configured by the module on the NetScaler ADC node.

When present, the resource will be added/updated configured according to the module’s parameters.

When unset, the resource will be unset on the NetScaler ADC node.

Choices:

  • "present" ← (default)

  • "unset"

undefaction

string

Profile to use when an application firewall policy evaluates to undefined (UNDEF).

An UNDEF event indicates an internal error condition. The APPFW_BLOCK built-in profile is the default setting. You can specify a different built-in or user-created profile as the UNDEF profile.

useconfigurablesecretkey

string

Use configurable secret key in AppFw operations

Choices:

  • "ON"

  • "OFF"

validate_certs

boolean

If false, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

Notes

Note

Examples

---
- name: Sample appfwsettings playbook
  hosts: demo_netscalers
  gather_facts: false
  tasks:
    - name: Configure appfwsettings
      delegate_to: localhost
      netscaler.adc.appfwsettings:
        state: present
        sessiontimeout: '180'

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

changed

boolean

Indicates if any change is made by the module

Returned: always

Sample: true

diff

dictionary

Dictionary of before and after changes

Returned: always

Sample: {"after": {"key2": "pqr"}, "before": {"key1": "xyz"}, "prepared": "changes done"}

diff_list

list / elements=string

List of differences between the actual configured object and the configuration specified in the module

Returned: when changed

Sample: ["Attribute `key1` differs. Desired: (<class 'str'>) XYZ. Existing: (<class 'str'>) PQR"]

failed

boolean

Indicates if the module failed or not

Returned: always

Sample: false

loglines

list / elements=string

list of logged messages by the module

Returned: always

Sample: ["message 1", "message 2"]

Authors

  • Sumanth Lingappa (@sumanth-lingappa)

  • Shiva Shankar Vaddepally (@shivashankar-vaddepally)