svrjs/svrjs-website
Archived
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
This repository has been archived on 2024-09-12. You can view files and clone it, but cannot push or open issues or pull requests.
svrjs-website/source/mods.md

133 lines
5.7 KiB
Markdown
Raw Blame History

---
title: Download official SVR.JS mods
date: 2023-12-21 20:42:00
---
SVR.JS has these official SVR.JS mods:
* [**Berno**](https://downloads.svrjs.org/mods/berno.ssi.1.1.0.tar.gz) - SSI (Server-Side Includes) engine (**not maintained**). ***Latest version: 1.1.0***
* [**easy-waf integration**](https://downloads.svrjs.org/mods/easywaf.integration.1.2.4.tar.gz) - WAF (web application firewall) mod. ***Latest version: 1.2.4***
* [**forward-proxy-mod**](https://downloads.svrjs.org/mods/forward-proxy-mod.1.0.0.tar.gz) - mod, that enables SVR.JS to do forward proxy functionality. ***Latest version: 1.0.0***
* [**GreenRhombus**](https://downloads.svrjs.org/mods/greenrhombus.fastcgi.1.0.4.tar.gz) - FastCGI (Fast Common Gateway Interface) client. ***Latest version: 1.0.4***
* [**OrangeCircle**](https://downloads.svrjs.org/mods/orangecircle.scgi.1.2.0.tar.gz) - SCGI (Simple Common Gateway Interface) client. ***Latest version: 1.2.0***
* [**RedBrick**](https://downloads.svrjs.org/mods/redbrick.cgi.2.6.1.tar.gz) - CGI (Common Gateway Interface) engine. ***Latest version: 2.6.1***
* [**reverse-proxy-mod**](https://downloads.svrjs.org/mods/reverse-proxy-mod.1.1.3.tar.gz) - mod, that enables SVR.JS to do reverse proxy functionality. ***Latest version: 1.1.3***
* [**YellowSquare**](https://downloads.svrjs.org/mods/yellowsquare.jsgi.1.1.3.tar.gz) - JSGI (JavaScript Gateway Interface) engine. ***Latest version: 1.1.3***
**All of those mods are licensed under MIT/X11 license.**
## Notes
### Berno
Current version of Berno allows SSI only in _.shtml_ files. Berno includes parts from very old version of RedBrick (1.x) to handle "exec" SSI directives.
### easy-waf integration
**NOTICE: Using a WAF (Web Application Firewall) is no subsitute for web application security, because attacker will find a way to bypass the WAF.**
Configuration file is _easywaf-config.json_ inside SVR.JS installation directory. Configuration is passed to easy-waf. You can see documentation at [its GitHub page](https://github.com/timokoessler/easy-waf). This mod requires _easy-waf_ Node.JS module.
From easy-waf-integration 1.2.0, there is also additional mailConfig property, which is an object with those values:
* _serverConfig_ - server configuration object passed to _nodemailer_
* _from_ - source e-mail address
* _to_ - destination e-mail address
These versions support sending email in case of blocked request (requires _nodemailer_ module).
From easy-waf-integration 1.2.0, there is support of pre-block and post-block hooks in _easywaf-hooks.js_ inside SVR.JS installation directory.
Example _easywaf-hooks.js_ code:
```js
//EasyWAF hooks. For more information read the easy-waf documentation in GitHub.
function preBlockHook(req, moduleInfo, ip) {
//You can add exceptions for WAF. In this example we do add exception for "cgi-bin".
if (moduleInfo.name == 'directoryTraversal' && req.url.match(/\/cgi-bin(?:$|[#?/])/)) return false;
//We're also adding XSS exception for YaBB forum software to prevent false positives
if (moduleInfo.name == 'xss' && /\/YaBB\.(?:pl|cgi)(?:$|[?#])/.test(req.url) && /(?:(\\?)|[;&])action=(?:post2|modify2|imsend2|cdchatupdate|ajxmessage)($|[;&#])/.test(req.url)) return false;
}
function postBlockHook(req, moduleInfo, ip) {
//You can, for example send an e-mail notification or log it into file.
}
module.exports = {postBlockHook: postBlockHook, preBlockHook: preBlockHook};
```
From easy-waf-integration 1.2.4, there are additional configuration properties:
* _maxRequestCheckedSize_ - maximum size of the request body (in bytes) to be checked. Default is `65536` (64 KiB).
* _maxRequestCheckedSizeStrict_ - option to enable strict request body limits. If the limits are exceeded, then the server will return a 413 Content Too Large error. Default is `false`.
If you're using SVR.JS behind a reverse proxy, you need to configure _trustProxy_ property in _easy-waf_ configuration.
Example _easywaf-config.json_ file:
```json
{
"modules" : {
"xss": {
"excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\/|^\\/(?:(?:navbar-)?logo|powered).png$/"
},
"noSqlInjection": {
"excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\//"
},
"crlfInjection": {
"excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\//"
}
},
"mailConfig": {
"serverConfig": {
"host": "localhost",
"port": 25,
"secure": false,
"ignoreTLS": true
},
"from": "svrjs@localhost",
"to": "sysadmin@localhost"
}
}
```
_View the [change log.](/easy-waf-integration-changelog)_
### forward-proxy-mod
_Notes are in the [SVR.JS documentation.](/docs#Forward-proxy-notes)_
_View the [change log.](/forward-proxy-mod-changelog)_
### GreenRhombus
_Notes are in the [SVR.JS documentation.](/docs#FastCGI-PHP-FPM)_
_View the [change log.](/greenrhombus-changelog)_
### OrangeCircle
_Notes moved to [SVR.JS documentation.](/docs#CGI-SCGI-JSGI-PHP)_
_View the [change log.](/orangecircle-changelog)_
### RedBrick
_Notes moved to [SVR.JS documentation.](/docs#CGI-SCGI-JSGI-PHP)_
_View the [change log.](/redbrick-changelog)_
### reverse-proxy-mod
_Notes moved to [SVR.JS documentation.](/docs#Reverse-proxy-configuration)_
_View the [change log.](/reverse-proxy-mod-changelog)_
### YellowSquare
_Notes moved to [SVR.JS documentation.](/docs#CGI-SCGI-JSGI-PHP)_
_View the [change log.](/yellowsquare-changelog)_
## Download older versions of mods
[You can download older versions of SVR.JS mods.](https://downloads.svrjs.org/mods)
## Download deprecated mods
**WARNING! Deprecated SVR.JS mods are not maintained anymore, and may have NO DOCUMENTATION available and have SECURITY VULNERABILITIES.**
[You can download deprecated SVR.JS mods.](https://downloads.svrjs.org/mods/deprecated)
Reference in a new issue View git blame Copy permalink