Last updated on: 2024-04-01 03:24:20.
bigip_sslo_service_icap – Manage an SSL Orchestrator ICAP security device¶
New in version 1.6.0.
Parameters¶
| Parameter | Choices/Defaults | Configuration | Comments | |
|---|---|---|---|---|
|
allow_http10
boolean
|
|
Enables or disables HTTP/1.0 support to ICAP.
When creating an ICAP service, if the parameter is not provided a default value of
false is assumed. |
||
|
cpm_policies
string
added in 3.4.0 |
Specify the ICAP Policy. The ICAP policy is defined by the Central Policy Manager (CPM) policy from BIG-IP LTM.
Local traffic policies and centralized management interfaces collectively as CPM. The default value is
"".The policy mentioned should be avialable in the Big-IP.
|
|||
|
devices
list
/ elements=dictionary
|
Specifies a list of listening IP:ports for each ICAP security device.
This parameter is required when creating a new ICAP service object.
|
|||
|
ip
string
|
Specifies the IP address for the ICAP security device.
|
|||
|
port
integer
|
Specifies the port for the ICAP security device.
Valid value range is from
0 to 65535. |
|||
|
dump_json
boolean
|
|
Sets the module to output a JSON blob for further consumption.
When
true, does not make any changes on the device and always returns changed=False.The output provided is idempotent in nature, meaning if there are no changes to be made during
MODIFY on an existing service, no JSON output is generated. |
||
|
enable_one_connect
boolean
|
|
Enables or disables OneConnect optimization to the ICAP server.
When creating an ICAP service, if the parameter is not provided a default value of
true is assumed. |
||
|
headers
dictionary
|
Settings related to custom headers to be inserted to the ICAP server.
|
|||
|
enable
boolean
|
|
Enables or disables custom headers to be inserted to the ICAP server.
If
true, the referrer, host, user_agent and h_from parameters are mandatory when creating a new service object.When creating an ICAP service, if the parameter is not provided a default of value
false is assumed. |
||
|
h_from
string
|
Specifies a From header to pass to the ICAP service.
Required when creating a new service object with the
enable value set to true. |
|||
|
host
string
|
Specifies a Host header to pass to the ICAP service.
Required when creating a new service object with the
enable value set to true. |
|||
|
referrer
string
|
Specifies a Referrer header to pass to the ICAP service.
Required when creating a new service object with the
enable value set to true. |
|||
|
user_agent
string
|
Specifies a User-Agent header to pass to the ICAP service.
Required when creating a new service object with the
enable value set to true. |
|||
|
ip_family
string
|
|
Specifies the IP family used for attaching ICAP security devices.
When creating an ICAP service, if the parameter is not provided a default of
ipv4 is assumed. |
||
|
monitor
string
|
Specifies the monitor attached the ICAP security device pool. The monitor must already exist on the BIG-IP.
When creating an ICAP service, if the parameter is not provided a default of
/Common/tcp is assumed. |
|||
|
name
string
/ required
|
Specifies the name of the ICAP service object.
The configuration auto-prepends
ssloS_ to the object.Names should be less than 14 characters and not contain dashes
-. |
|||
|
preview_length
integer
|
Specifies the ICAP preview length value, in bytes.
Valid value range is from
0 to 51200 bytes.When creating an ICAP service, if the parameter is not provided a default value of
1024 is assumed. |
|||
|
request_uri
string
|
Specifies the ICAP request URI. This URI must always start with a forward slash
/ e.g. /avscan.When creating an ICAP service, if the parameter is not provided a default value of
/ is assumed. |
|||
|
response_uri
string
|
Specifies the ICAP response URI. This URI must always start with a forward slash
/ e.g. /avscan.When creating an ICAP service, if the parameter is not provided a default value of
/ is assumed. |
|||
|
service_down_action
string
|
|
Specifies the action to take on monitor failure.
Setting to
ignore bypasses the security device in the service chain.Setting to
reset or drop resets or drops the connection, respectively, if the service monitor fails.When creating an ICAP service, if the parameter is not provided a default value of
ignore is assumed. |
||
|
service_entry_ssl_profile
string
added in 3.4.0 |
Specify the Server SSL profile to be used for re-encrypting the traffic.
The selected Server SSL profile will be attached to the service virtual server. The default value is
"". |
|||
|
state
string
|
|
When
state is present, ensures the object is created or modified.When
state is absent, ensures the service is removed. |
||
|
timeout
integer
|
Default: 300
|
The amount of time to wait for the
CREATE, MODIFY or DELETE task to complete, in seconds.The accepted value range is between
10 and 1800 seconds. |
||
|
vendor_info
string
added in 3.4.0 |
Specifies the vendor-specific service used. The default is
"Generic ICAP Service". |
|||
Examples¶
- name: Create SSLO ICAP service
bigip_sslo_service_icap:
name: "icap1"
ip_family: "ipv4"
devices:
- ip: "1.1.1.1"
port: 1344
- ip: "2.2.2.2"
port: 1348
headers:
enable: true
h_from: "foo_from"
host: "foo_host"
user_agent: "foo_ua"
referrer: "foo_referrer"
enable_one_connect: false
preview_length: 2048
service_down_action: "drop"
allow_http10: true
- name: Modify SSLO ICAP service
bigip_sslo_service_icap:
name: "icap1"
request_uri: "/avscan"
response_uri: "/avscan"
preview_length: 1024
headers:
enable: false
- name: Delete SSLO ICAP service
bigip_sslo_service_icap:
name: "icap1"
state: "absent"
Return Values¶
The following are the fields unique to this module:
| Key | Returned | Description | |
|---|---|---|---|
|
allow_http10
boolean
|
changed |
Enables or disables HTTP/1.0 support to ICAP.
Sample:
True
|
|
|
devices
complex
|
changed |
A list of listening IP:ports for each ICAP security device.
|
|
|
ip
string
|
changed |
The IP address for the ICAP security device.
Sample:
1.1.1.1
|
|
|
port
integer
|
changed |
The port for the ICAP security device.
Sample:
1344
|
|
|
enable_one_connect
boolean
|
changed |
Enables or disables OneConnect optimization to the ICAP server.
Sample:
True
|
|
|
headers
complex
|
changed |
Settings related to custom headers to be inserted to the ICAP server.
|
|
|
enable
boolean
|
changed |
Enables or disables custom headers to be inserted to the ICAP server.
Sample:
True
|
|
|
h_from
string
|
changed |
The From header to pass to the ICAP service.
Sample:
my_from
|
|
|
host
string
|
changed |
The Host header to pass to the ICAP service.
Sample:
my_host
|
|
|
referrer
string
|
changed |
The Referrer header to pass to the ICAP service.
Sample:
my_referrer
|
|
|
user_agent
string
|
changed |
The User-Agent header to pass to the ICAP service
Sample:
my_user_agent
|
|
|
ip_family
string
|
changed |
The IP family used for attached ICAP security devices.
Sample:
ipv4
|
|
|
monitor
string
|
changed |
The monitor attached the ICAP security device pool.
Sample:
/Common/tcp
|
|
|
preview_length
integer
|
changed |
The ICAP preview length value, in bytes.
Sample:
1024
|
|
|
request_uri
string
|
changed |
The ICAP request URI.
Sample:
/avscan
|
|
|
response_uri
string
|
changed |
The ICAP response URI.
Sample:
/avscan
|
|
|
service_down_action
string
|
changed |
The action to take on monitor failure.
Sample:
ignore
|
|