 
    New in version 2.8.
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments | ||||
|---|---|---|---|---|---|---|
| host 
                    -
                     / required                     | FortiOS or FortiGate ip address. | |||||
| https 
                    boolean
                                         | 
 | Indicates if the requests towards FortiGate must use HTTPS protocol | ||||
| password 
                    -
                                         | Default: "" | FortiOS or FortiGate password. | ||||
| username 
                    -
                     / required                     | FortiOS or FortiGate username. | |||||
| vdom 
                    -
                                         | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | ||||
| webfilter_profile 
                    -
                                         | Default: null | Configure Web filter profiles. | ||||
| comment 
                    -
                                         | Optional comments. | |||||
| extended-log 
                    -
                                         | 
 | Enable/disable extended logging for web filtering. | ||||
| ftgd-wf 
                    -
                                         | FortiGuard Web Filter settings. | |||||
| exempt-quota 
                    -
                                         | Do not stop quota for these categories. | |||||
| filters 
                    -
                                         | FortiGuard filters. | |||||
| action 
                    -
                                         | 
 | Action to take for matches. | ||||
| auth-usr-grp 
                    -
                                         | Groups with permission to authenticate. | |||||
| name 
                    -
                     / required                     | User group name. Source user.group.name. | |||||
| category 
                    -
                                         | Categories and groups the filter examines. | |||||
| id 
                    -
                     / required                     | ID number. | |||||
| log 
                    -
                                         | 
 | Enable/disable logging. | ||||
| override-replacemsg 
                    -
                                         | Override replacement message. | |||||
| warn-duration 
                    -
                                         | Duration of warnings. | |||||
| warning-duration-type 
                    -
                                         | 
 | Re-display warning after closing browser or after a timeout. | ||||
| warning-prompt 
                    -
                                         | 
 | Warning prompts in each category or each domain. | ||||
| max-quota-timeout 
                    -
                                         | Maximum FortiGuard quota used by single page view in seconds (excludes streams). | |||||
| options 
                    -
                                         | 
 | Options for FortiGuard Web Filter. | ||||
| ovrd 
                    -
                                         | Allow web filter profile overrides. | |||||
| quota 
                    -
                                         | FortiGuard traffic quota settings. | |||||
| category 
                    -
                                         | FortiGuard categories to apply quota to (category action must be set to monitor). | |||||
| duration 
                    -
                                         | Duration of quota. | |||||
| id 
                    -
                     / required                     | ID number. | |||||
| override-replacemsg 
                    -
                                         | Override replacement message. | |||||
| type 
                    -
                                         | 
 | Quota type. | ||||
| unit 
                    -
                                         | 
 | Traffic quota unit of measurement. | ||||
| value 
                    -
                                         | Traffic quota value. | |||||
| rate-crl-urls 
                    -
                                         | 
 | Enable/disable rating CRL by URL. | ||||
| rate-css-urls 
                    -
                                         | 
 | Enable/disable rating CSS by URL. | ||||
| rate-image-urls 
                    -
                                         | 
 | Enable/disable rating images by URL. | ||||
| rate-javascript-urls 
                    -
                                         | 
 | Enable/disable rating JavaScript by URL. | ||||
| https-replacemsg 
                    -
                                         | 
 | Enable replacement messages for HTTPS. | ||||
| inspection-mode 
                    -
                                         | 
 | Web filtering inspection mode. | ||||
| log-all-url 
                    -
                                         | 
 | Enable/disable logging all URLs visited. | ||||
| name 
                    -
                     / required                     | Profile name. | |||||
| options 
                    -
                                         | 
 | Options. | ||||
| override 
                    -
                                         | Web Filter override settings. | |||||
| ovrd-cookie 
                    -
                                         | 
 | Allow/deny browser-based (cookie) overrides. | ||||
| ovrd-dur 
                    -
                                         | Override duration. | |||||
| ovrd-dur-mode 
                    -
                                         | 
 | Override duration mode. | ||||
| ovrd-scope 
                    -
                                         | 
 | Override scope. | ||||
| ovrd-user-group 
                    -
                                         | User groups with permission to use the override. | |||||
| name 
                    -
                     / required                     | User group name. Source user.group.name. | |||||
| profile 
                    -
                                         | Web filter profile with permission to create overrides. | |||||
| name 
                    -
                     / required                     | Web profile. Source webfilter.profile.name. | |||||
| profile-attribute 
                    -
                                         | 
 | Profile attribute to retrieve from the RADIUS server. | ||||
| profile-type 
                    -
                                         | 
 | Override profile type. | ||||
| ovrd-perm 
                    -
                                         | 
 | Permitted override types. | ||||
| post-action 
                    -
                                         | 
 | Action taken for HTTP POST traffic. | ||||
| replacemsg-group 
                    -
                                         | Replacement message group. Source system.replacemsg-group.name. | |||||
| state 
                    -
                                         | 
 | Indicates whether to create or remove the object | ||||
| web 
                    -
                                         | Web content filtering settings. | |||||
| blacklist 
                    -
                                         | 
 | Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist. | ||||
| bword-table 
                    -
                                         | Banned word table ID. Source webfilter.content.id. | |||||
| bword-threshold 
                    -
                                         | Banned word score threshold. | |||||
| content-header-list 
                    -
                                         | Content header list. Source webfilter.content-header.id. | |||||
| keyword-match 
                    -
                                         | Search keywords to log when match is found. | |||||
| pattern 
                    -
                     / required                     | Pattern/keyword to search for. | |||||
| log-search 
                    -
                                         | 
 | Enable/disable logging all search phrases. | ||||
| safe-search 
                    -
                                         | 
 | Safe search type. | ||||
| urlfilter-table 
                    -
                                         | URL filter table ID. Source webfilter.urlfilter.id. | |||||
| whitelist 
                    -
                                         | 
 | FortiGuard whitelist settings. | ||||
| youtube-restrict 
                    -
                                         | 
 | YouTube EDU filter level. | ||||
| web-content-log 
                    -
                                         | 
 | Enable/disable logging logging blocked web content. | ||||
| web-extended-all-action-log 
                    -
                                         | 
 | Enable/disable extended any filter action logging for web filtering. | ||||
| web-filter-activex-log 
                    -
                                         | 
 | Enable/disable logging ActiveX. | ||||
| web-filter-applet-log 
                    -
                                         | 
 | Enable/disable logging Java applets. | ||||
| web-filter-command-block-log 
                    -
                                         | 
 | Enable/disable logging blocked commands. | ||||
| web-filter-cookie-log 
                    -
                                         | 
 | Enable/disable logging cookie filtering. | ||||
| web-filter-cookie-removal-log 
                    -
                                         | 
 | Enable/disable logging blocked cookies. | ||||
| web-filter-js-log 
                    -
                                         | 
 | Enable/disable logging Java scripts. | ||||
| web-filter-jscript-log 
                    -
                                         | 
 | Enable/disable logging JScripts. | ||||
| web-filter-referer-log 
                    -
                                         | 
 | Enable/disable logging referrers. | ||||
| web-filter-unknown-log 
                    -
                                         | 
 | Enable/disable logging unknown scripts. | ||||
| web-filter-vbs-log 
                    -
                                         | 
 | Enable/disable logging VBS scripts. | ||||
| web-ftgd-err-log 
                    -
                                         | 
 | Enable/disable logging rating errors. | ||||
| web-ftgd-quota-usage 
                    -
                                         | 
 | Enable/disable logging daily quota usage. | ||||
| web-invalid-domain-log 
                    -
                                         | 
 | Enable/disable logging invalid domain names. | ||||
| web-url-log 
                    -
                                         | 
 | Enable/disable logging URL filtering. | ||||
| wisp 
                    -
                                         | 
 | Enable/disable web proxy WISP. | ||||
| wisp-algorithm 
                    -
                                         | 
 | WISP server selection algorithm. | ||||
| wisp-servers 
                    -
                                         | WISP servers. | |||||
| name 
                    -
                     / required                     | Server name. Source web-proxy.wisp.name. | |||||
| youtube-channel-filter 
                    -
                                         | YouTube channel filter. | |||||
| channel-id 
                    -
                                         | YouTube channel ID to be filtered. | |||||
| comment 
                    -
                                         | Comment. | |||||
| id 
                    -
                     / required                     | ID. | |||||
| youtube-channel-status 
                    -
                                         | 
 | YouTube channel filter status. | ||||
Note
- hosts: localhost
  vars:
   host: "192.168.122.40"
   username: "admin"
   password: ""
   vdom: "root"
  tasks:
  - name: Configure Web filter profiles.
    fortios_webfilter_profile:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      webfilter_profile:
        state: "present"
        comment: "Optional comments."
        extended-log: "enable"
        ftgd-wf:
            exempt-quota: "<your_own_value>"
            filters:
             -
                action: "block"
                auth-usr-grp:
                 -
                    name: "default_name_10 (source user.group.name)"
                category: "11"
                id:  "12"
                log: "enable"
                override-replacemsg: "<your_own_value>"
                warn-duration: "<your_own_value>"
                warning-duration-type: "session"
                warning-prompt: "per-domain"
            max-quota-timeout: "18"
            options: "error-allow"
            ovrd: "<your_own_value>"
            quota:
             -
                category: "<your_own_value>"
                duration: "<your_own_value>"
                id:  "24"
                override-replacemsg: "<your_own_value>"
                type: "time"
                unit: "B"
                value: "28"
            rate-crl-urls: "disable"
            rate-css-urls: "disable"
            rate-image-urls: "disable"
            rate-javascript-urls: "disable"
        https-replacemsg: "enable"
        inspection-mode: "proxy"
        log-all-url: "enable"
        name: "default_name_36"
        options: "activexfilter"
        override:
            ovrd-cookie: "allow"
            ovrd-dur: "<your_own_value>"
            ovrd-dur-mode: "constant"
            ovrd-scope: "user"
            ovrd-user-group:
             -
                name: "default_name_44 (source user.group.name)"
            profile:
             -
                name: "default_name_46 (source webfilter.profile.name)"
            profile-attribute: "User-Name"
            profile-type: "list"
        ovrd-perm: "bannedword-override"
        post-action: "normal"
        replacemsg-group: "<your_own_value> (source system.replacemsg-group.name)"
        web:
            blacklist: "enable"
            bword-table: "54 (source webfilter.content.id)"
            bword-threshold: "55"
            content-header-list: "56 (source webfilter.content-header.id)"
            keyword-match:
             -
                pattern: "<your_own_value>"
            log-search: "enable"
            safe-search: "url"
            urlfilter-table: "61 (source webfilter.urlfilter.id)"
            whitelist: "exempt-av"
            youtube-restrict: "none"
        web-content-log: "enable"
        web-extended-all-action-log: "enable"
        web-filter-activex-log: "enable"
        web-filter-applet-log: "enable"
        web-filter-command-block-log: "enable"
        web-filter-cookie-log: "enable"
        web-filter-cookie-removal-log: "enable"
        web-filter-js-log: "enable"
        web-filter-jscript-log: "enable"
        web-filter-referer-log: "enable"
        web-filter-unknown-log: "enable"
        web-filter-vbs-log: "enable"
        web-ftgd-err-log: "enable"
        web-ftgd-quota-usage: "enable"
        web-invalid-domain-log: "enable"
        web-url-log: "enable"
        wisp: "enable"
        wisp-algorithm: "primary-secondary"
        wisp-servers:
         -
            name: "default_name_83 (source web-proxy.wisp.name)"
        youtube-channel-filter:
         -
            channel-id: "<your_own_value>"
            comment: "Comment."
            id:  "87"
        youtube-channel-status: "disable"
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | 
|---|---|---|
| build string | always | Build number of the fortigate image Sample: 1547 | 
| http_method string | always | Last method used to provision the content into FortiGate Sample: PUT | 
| http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 | 
| mkey string | success | Master key (id) used in the last call to FortiGate Sample: key1 | 
| name string | always | Name of the table used to fulfill the request Sample: urlfilter | 
| path string | always | Path of the table used to fulfill the request Sample: webfilter | 
| revision string | always | Internal revision number Sample: 17.0.2.10658 | 
| serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 | 
| status string | always | Indication of the operation's result Sample: success | 
| vdom string | always | Virtual domain used Sample: root | 
| version string | always | Version of the FortiGate Sample: v5.6.3 | 
Hint
If you notice any issues in this documentation you can edit this document to improve it.