* [**forward-proxy-mod**](https://downloads.svrjs.org/mods/forward-proxy-mod.1.0.0.tar.gz) - mod, that enables SVR.JS to do forward proxy functionality. ***Latest version: 1.0.0***
* [**reverse-proxy-mod**](https://downloads.svrjs.org/mods/reverse-proxy-mod.1.1.4.tar.gz) - mod, that enables SVR.JS to do reverse proxy functionality. ***Latest version: 1.1.4***
**All of those mods are licensed under MIT/X11 license.**
## Notes
### Berno
Current version of Berno allows SSI only in _.shtml_ files. Berno includes parts from very old version of RedBrick (1.x) to handle "exec" SSI directives.
### easy-waf integration
**NOTICE: Using a WAF (Web Application Firewall) is no subsitute for web application security, because attacker will find a way to bypass the WAF.**
Configuration file is _easywaf-config.json_ inside SVR.JS installation directory. Configuration is passed to easy-waf. You can see documentation at [its GitHub page](https://github.com/timokoessler/easy-waf). This mod requires _easy-waf_ Node.JS module.
From easy-waf-integration 1.2.0, there is also additional mailConfig property, which is an object with those values:
*_serverConfig_ - server configuration object passed to _nodemailer_
*_from_ - source e-mail address
*_to_ - destination e-mail address
These versions support sending email in case of blocked request (requires _nodemailer_ module).
From easy-waf-integration 1.2.0, there is support of pre-block and post-block hooks in _easywaf-hooks.js_ inside SVR.JS installation directory.
Example _easywaf-hooks.js_ code:
```js
//EasyWAF hooks. For more information read the easy-waf documentation in GitHub.
function preBlockHook(req, moduleInfo, ip) {
//You can add exceptions for WAF. In this example we do add exception for "cgi-bin".
if (moduleInfo.name == 'directoryTraversal' && req.url.match(/\/cgi-bin(?:$|[#?/])/)) return false;
//We're also adding XSS exception for YaBB forum software to prevent false positives
if (moduleInfo.name == 'xss' && /\/YaBB\.(?:pl|cgi)(?:$|[?#])/.test(req.url) && /(?:(\\?)|[;&])action=(?:post2|modify2|imsend2|cdchatupdate|ajxmessage)($|[;&#])/.test(req.url)) return false;
}
function postBlockHook(req, moduleInfo, ip) {
//You can, for example send an e-mail notification or log it into file.
From easy-waf-integration 1.2.4, there are additional configuration properties:
*_maxRequestCheckedSize_ - maximum size of the request body (in bytes) to be checked. Default is `65536` (64 KiB).
*_maxRequestCheckedSizeStrict_ - option to enable strict request body limits. If the limits are exceeded, then the server will return a 413 Content Too Large error. Default is `false`.
If you're using SVR.JS behind a reverse proxy, you need to configure _trustProxy_ property in _easy-waf_ configuration.