[PR #95] [MERGED] feat: Manage WebFilter Policies and User Activities #92

Closed
opened 2026-02-27 23:19:00 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/sophos/sophos-firewall-sdk/pull/95
Author: @mamullen13316
Created: 6/30/2025
Status: Merged
Merged: 6/30/2025
Merged by: @mamullen13316

Base: main ← Head: web_policy


📝 Commits (3)

  • 7104266 feat: webfilterpolicy and useractivity management
  • b5c8d20 fix: take out the debugging statements
  • 73cfc7c update workflow

📊 Changes

7 files changed (+666 additions, -2 deletions)

View changed files

📝 .github/workflows/documentation.yaml (+1 -1)
📝 pyproject.toml (+1 -1)
📝 sophosfirewall_python/firewallapi.py (+163 -0)
sophosfirewall_python/templates/createuseractivity.j2 (+22 -0)
sophosfirewall_python/templates/createwebfilterpolicy.j2 (+61 -0)
sophosfirewall_python/templates/updatewebfilterpolicy.j2 (+102 -0)
sophosfirewall_python/web.py (+316 -0)

📄 Description

Provide ability to manage WebFilter Policies and User Activities as mentioned in Issue 94

Setup

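from sophosfirewall_python.firewallapi import SophosFirewall, SophosFirewallZeroRecords

# username and password are assumed to be defined earlier (e.g. read from the environment).
# verify=False turns off TLS certificate checking for the connection to the firewall.
fw = SophosFirewall(username, password, "testfirewall.sophos.net", port=4444, verify=False)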

Listing and retrieving existing Web Policies

# View all policies
fw.get_webfilterpolicy()

# View a single policy by name
fw.get_webfilterpolicy(name='MyPolicy')

Creating, modifying, and deleting Web Policies

Creating

# Define the rules. Many other available settings here, keeping it simple and using defaults.
rules = [
    {
        "categories": [
            {
                "id": "Extreme",
                "type": "WebCategory"
            }
        ],
        "http_action": "Deny"
    },
    {
        "categories": [
            {
                "id": "All web traffic",
                "type": "WebCategory"
            }
        ],
        "http_action": "Allow"
    }
]

# Create the policy
fw.create_webfilterpolicy(name="MyPolicy", default_action="Deny", description="test policy", rules=rules)

# Another example with a rule having > 1 category and assigned to a group
rules = [
    {
        "categories": [
            {
                "id": "Militancy & Extremist",
                "type": "WebCategory"
            },
            {
                "id": "Extreme",
                "type": "WebCategory"
            }
        ],
        "http_action": "Deny",
        "https_action": "Deny",
        "user_list": [
            "Guest Group"
        ]
    }
]

fw.create_webfilterpolicy(name="MyPolicy2", default_action="Deny", description="test policy", rules=rules)

Modifying

Any of the policy settings can be modified; however, for rules we can only support the add and replace options. This is because the individual rules do not have any single identifier such as a name. Matching a rule for modify or delete operations would be difficult due to the numerous settings in each rule that would have to match exactly the input provided by the rules argument. If an individual rule needs to be modified, the workaround is to define all of the rules that are needed in the policy in the rules argument and then use rule_action='replace'.

# Modify the description of a policy
fw.update_webfilterpolicy(name="MyPolicy", default_action="Deny", description="Updated description")

# Add a rule to the policy (default action is add)
rules = [{"categories": [{"id": "Advertisements", "type": "WebCategory"}], "http_action": "Deny"}]
fw.update_webfilterpolicy(name="MyPolicy", default_action="Deny", rules=rules)

# Replace the rules on a policy
rules = [{"categories": [{"id": "Militancy & Extremist", "type": "WebCategory"}, {"id": "Extreme", "type": "WebCategory"}], "http_action": "Deny", "https_action": "Deny"}]

fw.update_webfilterpolicy(name="MyPolicy", default_action="Deny", rule_action="replace", rules=rules)

Deleting

We can use the generic remove method.

fw.remove(xml_tag="WebFilterPolicy", name="MyPolicy")

Creating custom User Activities (e.g., specific categories or URL groups)

The new functionality included with this PR is creation of User Activities. Management of URL Groups is already available using create_urlgroup() and update_urlgroup(). We have not addressed creating custom Categories in this PR.

Creating

# Define the categories
categories = [{"id": "Extreme", "type": "web category"}, {"id": "Local TLS exclusion list", "type": "url group"}, {"id": "Audio Files", "type": "file type"}]

# Create the User Activity
fw.create_useractivity(name="MyUserActivity", description="Custom User Activity", category_list=categories)

Assigning User Activities to Web Policies or directly to specific users

# Assign custom User Activity to Web Policy
rules = [{"categories": [{"id": "MyUserActivity", "type": "UserActivity"}], "https_action": "Deny", "http_action": "Deny"}]

fw.create_webfilterpolicy(name="MyPolicyWithCustomUserActivity", default_action="Deny", rules=rules)

# Assign custom User Activity to Web Policy with specific user
rules = [{"categories": [{"id": "MyUserActivity", "type": "UserActivity"}], "https_action": "Deny", "http_action": "Deny", "user_list": ["testuser"]}]

fw.create_webfilterpolicy(name="MyPolicyWithUserAssignedActivity", default_action="Deny", rules=rules)

Retrieving existing User Activities for audit purposes

# Get all User Activities
fw.get_useractivity()

# Get specific User Activity
fw.get_useractivity(name='MyUserActivity')


---

<sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
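
The replace workaround from the "Modifying" section, as an added example that is not part of the PR or the SDK: the full rule list is kept locally, one rule is changed, and the whole list is sent back with rule_action="replace". The helpers `rule_key`, `modify_rule` and `build_replacement` are hypothetical, and identifying a rule by its categories and user_list is an assumption of this example.

```python
import copy

def rule_key(rule):
    """Identify a rule by its (type, id) categories plus its user_list.

    Rules have no name, so this key is an assumption of this example,
    not something the SDK or the firewall provides.
    """
    cats = frozenset((c["type"], c["id"]) for c in rule["categories"])
    users = frozenset(rule.get("user_list", []))
    return cats, users

def modify_rule(rules, target, **changes):
    """Return a new, complete rule list with exactly one rule changed.

    Raises LookupError unless exactly one rule matches `target`, so an
    ambiguous match never rewrites the wrong rule.
    """
    wanted = rule_key(target)
    hits = [i for i, r in enumerate(rules) if rule_key(r) == wanted]
    if len(hits) != 1:
        raise LookupError(f"expected 1 matching rule, found {len(hits)}")
    new_rules = copy.deepcopy(rules)  # leave the caller's list untouched
    new_rules[hits[0]].update(changes)
    return new_rules

# Constructed sample: the two-rule policy from the "Creating" section.
CURRENT_RULES = [
    {"categories": [{"id": "Extreme", "type": "WebCategory"}], "http_action": "Deny"},
    {"categories": [{"id": "All web traffic", "type": "WebCategory"}], "http_action": "Allow"},
]

def build_replacement():
    """Add https_action to the 'Extreme' rule; all other rules are carried over."""
    target = {"categories": [{"id": "Extreme", "type": "WebCategory"}]}
    return modify_rule(CURRENT_RULES, target, https_action="Deny")

if __name__ == "__main__":
    rules = build_replacement()
    print(rules)
    # With a connected client `fw` from the Setup section, send the full list:
    # fw.update_webfilterpolicy(name="MyPolicy", default_action="Deny",
    #                           rule_action="replace", rules=rules)
```
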