netscaler.adc.botprofile_ipreputation_binding module – Binding Resource definition for describing association between botprofile and ipreputation resources

Note

This module is part of the netscaler.adc collection (version 2.6.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install netscaler.adc.

To use it in a playbook, specify: netscaler.adc.botprofile_ipreputation_binding.

New in netscaler.adc 2.0.0

Synopsis

  • Binding Resource definition for describing association between botprofile and ipreputation resources

Parameters

Parameter

Comments

api_path

string

Base NITRO API path.

Define only in case of an ADM service proxy call

Default: "nitro/v1/config"

bot_bind_comment

string

Any comments about this binding.

bot_iprep_action

list / elements=string

One or more actions to be taken if bot is detected based on this IP Reputation binding. Only LOG action can be combinded with DROP, RESET, REDIRECT or MITIGATION action.

Choices:

  • "NONE"

  • "LOG"

  • "DROP"

  • "REDIRECT"

  • "RESET"

  • "MITIGATION"

bot_iprep_enabled

string

Enabled or disabled IP-repuation binding.

Choices:

  • "ON"

  • "OFF"

bot_ipreputation

boolean

IP reputation binding. For each category, only one binding is allowed. To update the values of an existing binding, user has to first unbind that binding, and then needs to bind again with the new values.

Choices:

  • false

  • true

category

string

IP Repuation category. Following IP Reuputation categories are allowed:

*IP_BASED - This category checks whether client IP is malicious or not.

*BOTNET - This category includes Botnet C&C channels, and infected zombie machines controlled by Bot master.

*SPAM_SOURCES - This category includes tunneling spam messages through a proxy, anomalous SMTP activities, and forum spam activities.

*SCANNERS - This category includes all reconnaissance such as probes, host scan, domain scan, and password brute force attack.

*DOS - This category includes DOS, DDOS, anomalous sync flood, and anomalous traffic detection.

*REPUTATION - This category denies access from IP addresses currently known to be infected with malware. This category also includes IPs with average low Webroot Reputation Index score. Enabling this category will prevent access from sources identified to contact malware distribution points.

*PHISHING - This category includes IP addresses hosting phishing sites and other kinds of fraud activities such as ad click fraud or gaming fraud.

*PROXY - This category includes IP addresses providing proxy services.

*NETWORK - IPs providing proxy and anonymization services including The Onion Router aka TOR or darknet.

*MOBILE_THREATS - This category checks client IP with the list of IPs harmful for mobile devices.

*WINDOWS_EXPLOITS - This category includes active IP address offering or distributig malware, shell code, rootkits, worms or viruses.

*WEB_ATTACKS - This category includes cross site scripting, iFrame injection, SQL injection, cross domain injection or domain password brute force attack.

*TOR_PROXY - This category includes IP address acting as exit nodes for the Tor Network.

*CLOUD - This category checks client IP with list of public cloud IPs.

*CLOUD_AWS - This category checks client IP with list of public cloud IPs from Amazon Web Services.

*CLOUD_GCP - This category checks client IP with list of public cloud IPs from Google Cloud Platform.

*CLOUD_AZURE - This category checks client IP with list of public cloud IPs from Azure.

*CLOUD_ORACLE - This category checks client IP with list of public cloud IPs from Oracle.

*CLOUD_IBM - This category checks client IP with list of public cloud IPs from IBM.

*CLOUD_SALESFORCE - This category checks client IP with list of public cloud IPs from Salesforce.

Choices:

  • "IP"

  • "BOTNETS"

  • "SPAM_SOURCES"

  • "SCANNERS"

  • "DOS"

  • "REPUTATION"

  • "PHISHING"

  • "PROXY"

  • "NETWORK"

  • "MOBILE_THREATS"

  • "WINDOWS_EXPLOITS"

  • "WEB_ATTACKS"

  • "TOR_PROXY"

  • "CLOUD"

  • "CLOUD_AWS"

  • "CLOUD_GCP"

  • "CLOUD_AZURE"

  • "CLOUD_ORACLE"

  • "CLOUD_IBM"

  • "CLOUD_SALESFORCE"

logmessage

string

Message to be logged for this binding.

managed_netscaler_instance_id

string

added in netscaler.adc 2.6.0

The ID of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_ip

string

added in netscaler.adc 2.6.0

The IP of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_name

string

added in netscaler.adc 2.6.0

The name of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_password

string

added in netscaler.adc 2.6.0

The password of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

managed_netscaler_instance_username

string

added in netscaler.adc 2.6.0

The username of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

name

string

Name for the profile. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore (_) characters. Cannot be changed after the profile is added.

The following requirement applies only to the Citrix ADC CLI:

If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my profile” or ‘my profile’).

netscaler_console_as_proxy_server

boolean

added in netscaler.adc 2.6.0

The IP address of the NetScaler ADC appliance acting as a proxy server.

Define only in case of an ADM service proxy call

Choices:

  • false ← (default)

  • true

nitro_auth_token

string

The authentication token provided by a login operation.

nitro_pass

string

The password with which to authenticate to the NetScaler ADC node.

nitro_protocol

string

Which protocol to use when accessing the nitro API objects.

Choices:

  • "http"

  • "https" ← (default)

nitro_user

string

The username with which to authenticate to the NetScaler ADC node.

nsip

string / required

The ip address of the NetScaler ADC appliance where the nitro API calls will be made.

The port can be specified with the colon (:). E.g. 192.168.1.1:555.

save_config

boolean

If true the module will save the configuration on the NetScaler ADC node if it makes any changes.

The module will not save the configuration on the NetScaler ADC node if it made no changes.

Choices:

  • false ← (default)

  • true

state

string

The state of the resource being configured by the module on the NetScaler ADC node.

When present, the resource will be added/updated configured according to the module’s parameters.

When absent, the resource will be deleted from the NetScaler ADC node.

Choices:

  • "present" ← (default)

  • "absent"

validate_certs

boolean

If false, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

Notes

Note

Examples

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

changed

boolean

Indicates if any change is made by the module

Returned: always

Sample: true

diff

dictionary

Dictionary of before and after changes

Returned: always

Sample: {"after": {"key2": "pqr"}, "before": {"key1": "xyz"}, "prepared": "changes done"}

diff_list

list / elements=string

List of differences between the actual configured object and the configuration specified in the module

Returned: when changed

Sample: ["Attribute `key1` differs. Desired: (<class 'str'>) XYZ. Existing: (<class 'str'>) PQR"]

failed

boolean

Indicates if the module failed or not

Returned: always

Sample: false

loglines

list / elements=string

list of logged messages by the module

Returned: always

Sample: ["message 1", "message 2"]

Authors

  • Sumanth Lingappa (@sumanth-lingappa)