--- title: Download official SVR.JS mods date: 2023-12-21 20:42:00 --- SVR.JS has these official SVR.JS mods: * [**Berno**](https://downloads.svrjs.org/mods/berno.ssi.1.1.0.tar.gz) - SSI (Server-Side Includes) engine (**not maintained**). ***Latest version: 1.1.0*** * [**easy-waf integration**](https://downloads.svrjs.org/mods/easywaf.integration.1.2.4.tar.gz) - WAF (web application firewall) mod. ***Latest version: 1.2.4*** * [**forward-proxy-mod**](https://downloads.svrjs.org/mods/forward-proxy-mod.1.0.0.tar.gz) - mod, that enables SVR.JS to do forward proxy functionality. ***Latest version: 1.0.0*** * [**GreenRhombus**](https://downloads.svrjs.org/mods/greenrhombus.fastcgi.1.0.4.tar.gz) - FastCGI (Fast Common Gateway Interface) client. ***Latest version: 1.0.4*** * [**OrangeCircle**](https://downloads.svrjs.org/mods/orangecircle.scgi.1.2.0.tar.gz) - SCGI (Simple Common Gateway Interface) client. ***Latest version: 1.2.0*** * [**RedBrick**](https://downloads.svrjs.org/mods/redbrick.cgi.2.6.1.tar.gz) - CGI (Common Gateway Interface) engine. ***Latest version: 2.6.1*** * [**reverse-proxy-mod**](https://downloads.svrjs.org/mods/reverse-proxy-mod.1.1.3.tar.gz) - mod, that enables SVR.JS to do reverse proxy functionality. ***Latest version: 1.1.3*** * [**YellowSquare**](https://downloads.svrjs.org/mods/yellowsquare.jsgi.1.1.3.tar.gz) - JSGI (JavaScript Gateway Interface) engine. ***Latest version: 1.1.3*** **All of those mods are licensed under MIT/X11 license.** ## Notes ### Berno Current version of Berno allows SSI only in _.shtml_ files. Berno includes parts from very old version of RedBrick (1.x) to handle "exec" SSI directives. ### easy-waf integration **NOTICE: Using a WAF (Web Application Firewall) is no subsitute for web application security, because attacker will find a way to bypass the WAF.** Configuration file is _easywaf-config.json_ inside SVR.JS installation directory. Configuration is passed to easy-waf. You can see documentation at [its GitHub page](https://github.com/timokoessler/easy-waf). This mod requires _easy-waf_ Node.JS module. From easy-waf-integration 1.2.0, there is also additional mailConfig property, which is an object with those values: * _serverConfig_ - server configuration object passed to _nodemailer_ * _from_ - source e-mail address * _to_ - destination e-mail address These versions support sending email in case of blocked request (requires _nodemailer_ module). From easy-waf-integration 1.2.0, there is support of pre-block and post-block hooks in _easywaf-hooks.js_ inside SVR.JS installation directory. Example _easywaf-hooks.js_ code: ```js //EasyWAF hooks. For more information read the easy-waf documentation in GitHub. function preBlockHook(req, moduleInfo, ip) { //You can add exceptions for WAF. In this example we do add exception for "cgi-bin". if (moduleInfo.name == 'directoryTraversal' && req.url.match(/\/cgi-bin(?:$|[#?/])/)) return false; //We're also adding XSS exception for YaBB forum software to prevent false positives if (moduleInfo.name == 'xss' && /\/YaBB\.(?:pl|cgi)(?:$|[?#])/.test(req.url) && /(?:(\\?)|[;&])action=(?:post2|modify2|imsend2|cdchatupdate|ajxmessage)($|[;&#])/.test(req.url)) return false; } function postBlockHook(req, moduleInfo, ip) { //You can, for example send an e-mail notification or log it into file. } module.exports = {postBlockHook: postBlockHook, preBlockHook: preBlockHook}; ``` From easy-waf-integration 1.2.4, there are additional configuration properties: * _maxRequestCheckedSize_ - maximum size of the request body (in bytes) to be checked. Default is `65536` (64 KiB). * _maxRequestCheckedSizeStrict_ - option to enable strict request body limits. If the limits are exceeded, then the server will return a 413 Content Too Large error. Default is `false`. If you're using SVR.JS behind a reverse proxy, you need to configure _trustProxy_ property in _easy-waf_ configuration. Example _easywaf-config.json_ file: ```json { "modules" : { "xss": { "excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\/|^\\/(?:(?:navbar-)?logo|powered).png$/" }, "noSqlInjection": { "excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\//" }, "crlfInjection": { "excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\//" } }, "mailConfig": { "serverConfig": { "host": "localhost", "port": 25, "secure": false, "ignoreTLS": true }, "from": "svrjs@localhost", "to": "sysadmin@localhost" } } ``` _View the [change log.](/easy-waf-integration-changelog)_ ### forward-proxy-mod _Notes are in the [SVR.JS documentation.](/docs#Forward-proxy-notes)_ _View the [change log.](/forward-proxy-mod-changelog)_ ### GreenRhombus _Notes are in the [SVR.JS documentation.](/docs#FastCGI-PHP-FPM)_ _View the [change log.](/greenrhombus-changelog)_ ### OrangeCircle _Notes moved to [SVR.JS documentation.](/docs#CGI-SCGI-JSGI-PHP)_ _View the [change log.](/orangecircle-changelog)_ ### RedBrick _Notes moved to [SVR.JS documentation.](/docs#CGI-SCGI-JSGI-PHP)_ _View the [change log.](/redbrick-changelog)_ ### reverse-proxy-mod _Notes moved to [SVR.JS documentation.](/docs#Reverse-proxy-configuration)_ _View the [change log.](/reverse-proxy-mod-changelog)_ ### YellowSquare _Notes moved to [SVR.JS documentation.](/docs#CGI-SCGI-JSGI-PHP)_ _View the [change log.](/yellowsquare-changelog)_ ## Download older versions of mods [You can download older versions of SVR.JS mods.](https://downloads.svrjs.org/mods) ## Download deprecated mods **WARNING! Deprecated SVR.JS mods are not maintained anymore, and may have NO DOCUMENTATION available and have SECURITY VULNERABILITIES.** [You can download deprecated SVR.JS mods.](https://downloads.svrjs.org/mods/deprecated)