---
title: Download official SVR.JS mods
date: 2023-12-21 20:42:00
---
SVR.JS has these official SVR.JS mods:

*   [**Berno**](https://downloads.svrjs.org/mods/berno.ssi.1.1.0.tar.gz) - SSI (Server-Side Includes) engine (**not maintained**). ***Latest version: 1.1.0***
*   [**easy-waf integration**](https://downloads.svrjs.org/mods/easywaf.integration.1.2.4.tar.gz) - WAF (web application firewall) mod. ***Latest version: 1.2.4***
*   [**forward-proxy-mod**](https://downloads.svrjs.org/mods/forward-proxy-mod.1.0.0.tar.gz) - mod, that enables SVR.JS to do forward proxy functionality. ***Latest version: 1.0.0***
*   [**GreenRhombus**](https://downloads.svrjs.org/mods/greenrhombus.fastcgi.1.0.7.tar.gz) - FastCGI (Fast Common Gateway Interface) client. ***Latest version: 1.0.7***
*   [**OrangeCircle**](https://downloads.svrjs.org/mods/orangecircle.scgi.1.2.1.tar.gz) - SCGI (Simple Common Gateway Interface) client. ***Latest version: 1.2.1***
*   [**RedBrick**](https://downloads.svrjs.org/mods/redbrick.cgi.2.6.2.tar.gz) - CGI (Common Gateway Interface) engine. ***Latest version: 2.6.2***
*   [**reverse-proxy-mod**](https://downloads.svrjs.org/mods/reverse-proxy-mod.1.1.4.tar.gz) - mod, that enables SVR.JS to do reverse proxy functionality. ***Latest version: 1.1.4***
*   [**YellowSquare**](https://downloads.svrjs.org/mods/yellowsquare.jsgi.1.1.3.tar.gz) - JSGI (JavaScript Gateway Interface) engine. ***Latest version: 1.1.3***

**All of those mods are licensed under MIT/X11 license.**

## Notes

### Berno

Current version of Berno allows SSI only in _.shtml_ files. Berno includes parts from very old version of RedBrick (1.x) to handle "exec" SSI directives.

### easy-waf integration

**NOTICE: Using a WAF (Web Application Firewall) is no subsitute for web application security, because attacker will find a way to bypass the WAF.**

Configuration file is _easywaf-config.json_ inside SVR.JS installation directory. Configuration is passed to easy-waf. You can see documentation at [its GitHub page](https://github.com/timokoessler/easy-waf). This mod requires _easy-waf_ Node.JS module.

From easy-waf-integration 1.2.0, there is also additional mailConfig property, which is an object with those values:

*   _serverConfig_ - server configuration object passed to _nodemailer_
*   _from_ - source e-mail address
*   _to_ - destination e-mail address

These versions support sending email in case of blocked request (requires _nodemailer_ module).

From easy-waf-integration 1.2.0, there is support of pre-block and post-block hooks in _easywaf-hooks.js_ inside SVR.JS installation directory.

Example _easywaf-hooks.js_ code:

```js
//EasyWAF hooks. For more information read the easy-waf documentation in GitHub.

function preBlockHook(req, moduleInfo, ip) {
  //You can add exceptions for WAF. In this example we do add exception for "cgi-bin".
  if (moduleInfo.name == 'directoryTraversal' && req.url.match(/\/cgi-bin(?:$|[#?/])/)) return false;
  //We're also adding XSS exception for YaBB forum software to prevent false positives
  if (moduleInfo.name == 'xss' && /\/YaBB\.(?:pl|cgi)(?:$|[?#])/.test(req.url) && /(?:(\\?)|[;&])action=(?:post2|modify2|imsend2|cdchatupdate|ajxmessage)($|[;&#])/.test(req.url)) return false;
}

function postBlockHook(req, moduleInfo, ip) {
  //You can, for example send an e-mail notification or log it into file.
}

module.exports = {postBlockHook: postBlockHook, preBlockHook: preBlockHook};
```

From easy-waf-integration 1.2.4, there are additional configuration properties:

*   _maxRequestCheckedSize_ - maximum size of the request body (in bytes) to be checked. Default is `65536` (64 KiB).
*   _maxRequestCheckedSizeStrict_ - option to enable strict request body limits. If the limits are exceeded, then the server will return a 413 Content Too Large error. Default is `false`.

If you're using SVR.JS behind a reverse proxy, you need to configure _trustProxy_ property in _easy-waf_ configuration.

Example _easywaf-config.json_ file:
```json
{
  "modules" : {
    "xss": {
      "excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\/|^\\/(?:(?:navbar-)?logo|powered).png$/"
    },
    "noSqlInjection": {
      "excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\//"
    },
    "crlfInjection": {
      "excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\//"
    }
  },
  "mailConfig": {
    "serverConfig": {
      "host": "localhost",
      "port": 25,
      "secure": false,
      "ignoreTLS": true
    },
    "from": "svrjs@localhost",
    "to": "sysadmin@localhost"
  }
}
```

_View the [change log.](/easy-waf-integration-changelog)_

### forward-proxy-mod

_Notes are in the [SVR.JS documentation.](/docs#Forward-proxy-notes)_
_View the [change log.](/forward-proxy-mod-changelog)_

### GreenRhombus

_Notes are in the [SVR.JS documentation.](/docs#FastCGI-PHP-FPM)_
_View the [change log.](/greenrhombus-changelog)_

### OrangeCircle

_Notes moved to [SVR.JS documentation.](/docs#CGI-SCGI-JSGI-PHP)_
_View the [change log.](/orangecircle-changelog)_

### RedBrick

_Notes moved to [SVR.JS documentation.](/docs#CGI-SCGI-JSGI-PHP)_
_View the [change log.](/redbrick-changelog)_

### reverse-proxy-mod

_Notes moved to [SVR.JS documentation.](/docs#Reverse-proxy-configuration)_
_View the [change log.](/reverse-proxy-mod-changelog)_

### YellowSquare

_Notes moved to [SVR.JS documentation.](/docs#CGI-SCGI-JSGI-PHP)_
_View the [change log.](/yellowsquare-changelog)_

## Download older versions of mods

[You can download older versions of SVR.JS mods.](https://downloads.svrjs.org/mods)

## Download deprecated mods

**WARNING! Deprecated SVR.JS mods are not maintained anymore, and may have NO DOCUMENTATION available and have SECURITY VULNERABILITIES.**

[You can download deprecated SVR.JS mods.](https://downloads.svrjs.org/mods/deprecated)