SVR.JS

Download official SVR.JS mods

SVR.JS has these official SVR.JS mods:

All of those mods are licensed under MIT/X11 license.

Notes

Berno

Current version of Berno allows SSI only in .shtml files. Berno includes parts from very old version of RedBrick (1.x) to handle “exec” SSI directives.

easy-waf integration

NOTICE: Using a WAF (Web Application Firewall) is no subsitute for web application security, because attacker will find a way to bypass the WAF.

Configuration file is easywaf-config.json inside SVR.JS installation directory. Configuration is passed to easy-waf. You can see documentation at its GitHub page. This mod requires easy-waf Node.JS module.

From easy-waf-integration 1.2.0, there is also additional mailConfig property, which is an object with those values:

These versions support sending email in case of blocked request (requires nodemailer module).

From easy-waf-integration 1.2.0, there is support of pre-block and post-block hooks in easywaf-hooks.js inside SVR.JS installation directory.

Example easywaf-hooks.js code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
//EasyWAF hooks. For more information read the easy-waf documentation in GitHub.

function preBlockHook(req, moduleInfo, ip) {
  //You can add exceptions for WAF. In this example we do add exception for "cgi-bin".
  if (moduleInfo.name == 'directoryTraversal' && req.url.match(/\/cgi-bin(?:$|[#?/])/)) return false;
  //We're also adding XSS exception for YaBB forum software to prevent false positives
  if (moduleInfo.name == 'xss' && /\/YaBB\.(?:pl|cgi)(?:$|[?#])/.test(req.url) && /(?:(\\?)|[;&])action=(?:post2|modify2|imsend2|cdchatupdate|ajxmessage)($|[;&#])/.test(req.url)) return false;
}

function postBlockHook(req, moduleInfo, ip) {
  //You can, for example send an e-mail notification or log it into file.
}

module.exports = {postBlockHook: postBlockHook, preBlockHook: preBlockHook};

From easy-waf-integration 1.2.4, there are additional configuration properties:

If you’re using SVR.JS behind a reverse proxy, you need to configure trustProxy property in easy-waf configuration.

Example easywaf-config.json file:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
{
  "modules" : {
    "xss": {
      "excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\/|^\\/(?:(?:navbar-)?logo|powered).png$/"
    },
    "noSqlInjection": {
      "excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\//"
    },
    "crlfInjection": {
      "excludePaths": "/^\\/(?:git\\/)?(?:(?!\\.git).)*\\.git\\//"
    }
  },
  "mailConfig": {
    "serverConfig": {
      "host": "localhost",
      "port": 25,
      "secure": false,
      "ignoreTLS": true
    },
    "from": "svrjs@localhost",
    "to": "sysadmin@localhost"
  }
}

View the change log.

forward-proxy-mod

Notes are in the SVR.JS documentation.
View the change log.

GreenRhombus

Notes are in the SVR.JS documentation.
View the change log.

OrangeCircle

Notes moved to SVR.JS documentation.
View the change log.

RedBrick

Notes moved to SVR.JS documentation.
View the change log.

reverse-proxy-mod

Notes moved to SVR.JS documentation.
View the change log.

YellowSquare

Notes moved to SVR.JS documentation.
View the change log.

Download older versions of mods

You can download older versions of SVR.JS mods.

Download deprecated mods

WARNING! Deprecated SVR.JS mods are not maintained anymore, and may have NO DOCUMENTATION available and have SECURITY VULNERABILITIES.

You can download deprecated SVR.JS mods.