---
title: Download official SVR.JS mods
date: 2023-12-21 20:42:00
---
SVR.JS has these official SVR.JS mods:

*   [**Berno**](https://downloads.svrjs.org/mods/berno.ssi.1.1.0.tar.gz) - SSI (Server-Side Includes) engine (**not maintained**). ***Latest version: 1.1.0***
*   [**easy-waf integration**](https://downloads.svrjs.org/mods/easywaf.integration.1.2.4.tar.gz) - WAF (web application firewall) mod. ***Latest version: 1.2.4***
*   [**forward-proxy-mod**](https://downloads.svrjs.org/mods/forward-proxy-mod.1.0.0.tar.gz) - mod, that enables SVR.JS to do forward proxy functionality. ***Latest version: 1.0.0***
*   [**GreenRhombus**](https://downloads.svrjs.org/mods/greenrhombus.fastcgi.1.0.7.tar.gz) - FastCGI (Fast Common Gateway Interface) client. ***Latest version: 1.0.7***
*   [**Next.js integration**](https://downloads.svrjs.org/mods/nextjs.integration.1.0.0.tar.gz) - mod, that enables SVR.JS to serve Next.js applications. ***Latest version: 1.0.0***
*   [**OrangeCircle**](https://downloads.svrjs.org/mods/orangecircle.scgi.1.2.1.tar.gz) - SCGI (Simple Common Gateway Interface) client. ***Latest version: 1.2.1***
*   [**RedBrick**](https://downloads.svrjs.org/mods/redbrick.cgi.2.6.2.tar.gz) - CGI (Common Gateway Interface) engine. ***Latest version: 2.6.2***
*   [**reverse-proxy-mod**](https://downloads.svrjs.org/mods/reverse-proxy-mod.1.1.4.tar.gz) - mod, that enables SVR.JS to do reverse proxy functionality. ***Latest version: 1.1.4***
*   [**YellowSquare**](https://downloads.svrjs.org/mods/yellowsquare.jsgi.1.1.3.tar.gz) - JSGI (JavaScript Gateway Interface) engine. ***Latest version: 1.1.3***

**All of these mods are licensed under MIT/X11 license.**

## Notes

### Berno

Current version of Berno allows SSI only in _.shtml_ files. Berno includes parts from very old version of RedBrick (1.x) to handle "exec" SSI directives.

### easy-waf integration

**NOTICE: Using a WAF (Web Application Firewall) is no subsitute for web application security, because attacker will find a way to bypass the WAF.**

Configuration file is _easywaf-config.json_ inside SVR.JS installation directory. Configuration is passed to easy-waf. You can see documentation at [its GitHub page](https://github.com/timokoessler/easy-waf). This mod requires _easy-waf_ Node.JS module.

From easy-waf-integration 1.2.0, there is also additional mailConfig property, which is an object with those values:

*   _serverConfig_ - server configuration object passed to _nodemailer_
*   _from_ - source e-mail address
*   _to_ - destination e-mail address

These versions support sending email in case of blocked request (requires _nodemailer_ module).

From easy-waf-integration 1.2.0, there is support of pre-block and post-block hooks in _easywaf-hooks.js_ inside SVR.JS installation directory.

Example _easywaf-hooks.js_ code:

```js
//EasyWAF hooks. For more information read the easy-waf documentation in GitHub.

function preBlockHook(req, moduleInfo, ip) {
  //You can add exceptions for WAF. In this example we do add exception for "cgi-bin".
  if (moduleInfo.name == 'directoryTraversal' && req.url.match(/\/cgi-bin(?:$|[#?/])/)) return false;
  //We're also adding XSS exception for YaBB forum software to prevent false positives
  if (moduleInfo.name == 'xss' && /\/YaBB\.(?:pl|cgi)(?:$|[?#])/.test(req.url) && /(?:(\\?)|[;&])action=(?:post2|modify2|imsend2|cdchatupdate|ajxmessage)($|[;&#])/.test(req.url)) return false;
}

function postBlockHook(req, moduleInfo, ip) {
  //You can, for example send an e-mail notification or log it into file.
}

module.exports = {postBlockHook: postBlockHook, preBlockHook: preBlockHook};
```

From easy-waf-integration 1.2.4, there are additional configuration properties:

*   _maxRequestCheckedSize_ - maximum size of the request body (in bytes) to be checked. Default is `65536` (64 KiB).
*   _maxRequestCheckedSizeStrict_ - option to enable strict request body limits. If the limits are exceeded, then the server will return a 413 Content Too Large error. Default is `false`.

If you're using SVR.JS behind a reverse proxy, you need to configure _trustProxy_ property in _easy-waf_ configuration.

Example _easywaf-config.json_ file:
```json
{
  "modules": {
    "xss": {
      "excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\/|^\\/(?:(?:navbar-)?logo|powered).png$/"
    },
    "noSqlInjection": {
      "excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\//"
    },
    "crlfInjection": {
      "excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\//"
    }
  },
  "mailConfig": {
    "serverConfig": {
      "host": "localhost",
      "port": 25,
      "secure": false,
      "ignoreTLS": true
    },
    "from": "svrjs@localhost",
    "to": "sysadmin@localhost"
  }
}
```

_View the [change log.](/easy-waf-integration-changelog)_

### forward-proxy-mod

_Notes are in the [SVR.JS documentation.](/docs#Forward-proxy-notes)_
_View the [change log.](/forward-proxy-mod-changelog)_

### GreenRhombus

_Notes are in the [SVR.JS documentation.](/docs#FastCGI-PHP-FPM)_
_View the [change log.](/greenrhombus-changelog)_

### Next.js integration

The webroot (_wwwroot_ _config.json_ property) serves as a Next.js application directory. It's recommended to set the owner of the Next.js application directory (around with all the files in it) as the user, on which SVR.JS is running (usually "svrjs"). Setting a `NODE_ENV` environment variable to `development` in SVR.JS configuration enables Next.js development server.

It's also recommended to forbid the access to ".env" file and ".git" directories, in case Next.js integration mod fails to load. You can set up _nonStandardCodes_ _config.json_ property like this:
```json
{
  "nonStandardCodes": [
    {
      "scode": 403,
      "regex": "/^\\/\\.env(?:\\.local|\\.production)?(?:$|[#?])/"
    },
    { 
      "scode": 403,
      "regex": "/^\\/\\.git/"
    },
    ...other non-standard codes...
  ],
  ...other config.json properties...
}
```

_View the [change log.](/nextjs-integration-changelog)_

### OrangeCircle

_Notes moved to [SVR.JS documentation.](/docs#CGI-SCGI-JSGI-PHP)_
_View the [change log.](/orangecircle-changelog)_

### RedBrick

_Notes moved to [SVR.JS documentation.](/docs#CGI-SCGI-JSGI-PHP)_
_View the [change log.](/redbrick-changelog)_

### reverse-proxy-mod

_Notes moved to [SVR.JS documentation.](/docs#Reverse-proxy-configuration)_
_View the [change log.](/reverse-proxy-mod-changelog)_

### YellowSquare

_Notes moved to [SVR.JS documentation.](/docs#CGI-SCGI-JSGI-PHP)_
_View the [change log.](/yellowsquare-changelog)_

## Download older versions of mods

[You can download older versions of SVR.JS mods.](https://downloads.svrjs.org/mods)

## Download deprecated mods

**WARNING! Deprecated SVR.JS mods are not maintained anymore, and may have NO DOCUMENTATION available and have SECURITY VULNERABILITIES.**

[You can download deprecated SVR.JS mods.](https://downloads.svrjs.org/mods/deprecated)