ServerDefender VP Web Application Firewall for AWS

Security is the top concern for many organizations when deploying in the cloud. ServerDefender VP provides powerful security for AWS to give you peace of mind for your cloud deployment. SDVP security for AWS is:

Ideal for Cloud Security

SDVP is a host-based web app firewall that installs right on your cloud instance, and scans all traffic before it hits your site or application.

Built for the System Administrator

Sys admins have enough on their hands. We made SDVP easy to setup and manage, with simple controls and built in powerful reporting and alerting to make life easier, not more difficult.

Stop Common Threats and New Threats

SDVP doesn't use lists of attack signatures to match and stop threats. It uses a rules-based system to provide security against well known threats as well as new - unknown - threats.

Intuitive Controls to Quickly & Easily Secure

Intuitive user interface makes it easy to configure security and means no lengthy training sessions.

Customize to Your Security Needs

Control every aspect of your site or application's security, for a security policy that fits what you need.

Security for Popular Platforms

Custom pre-installed security profiles for SharePoint, .NetNuke, Outlook Web Access (OWA), WordPress, and Joomla to get started right out of the box.

See how ServerDefender VP makes securing AWS easy

And why it might be right for your deployment


Provides powerful security against top persistent threats like SQL injection and XSS.

Session aware security, tracks users' sessions to score any suspicious or threatening behavior - and block when necessary.


Interactive Log Viewer provides data on hack attempts in real-times.

ServerDefender VP also sends comprehensive daily reports of trends and security events right to your email.


You can’t always be watching, so SDVP sends alerts via email when hack attempts occur.

Reduce incident response time by temporarily blocking the offending IP right from the email.

 Apps We Secure

Port80 provides security for popular platforms like:

  • SharePoint
  • .NetNuke
  • Outlook Web Access
  • WordPress
  • Joomla
  • & More...

Learn More: Security You Can See »

Security Features

Easy to Use Slider Controls

Want to get set up quickly? Just slide the enforcement and logging levels to your desired strength and you're good to go. Individual settings can be configured from Expert View.

SDVP Standard View

Input Controls for SQL Injection and XSS Protection

Configure strength of input controls to prevent SQL injection and cross-site scripting. Not every field or form requires the same level of security, so we added custom input controls and exceptions for specific fields so you can get as specific as you'd like.

Slide Into Security

Session Management Controls for Hardened Sessions

Broken authentication and session management is a consistent threat in the OWASP Top 10. We've combatted this threat with hardened session controls to restrict sessions to a single IP address and set session timeouts.

Slide Into Security

Site Status Dashboard for Error Statistic At A Glance

Get quick insight to the number of and types of errors occurring on your site. Here, you can click a threat category (SQL Inject, XSS, etc) to jump to logs corresponding to those threats.

Slide Into Security

Out of the Box Security for Popular Web Application Platforms

Pre-built profiles with security controls built specifically for the most popular application platforms on IIS. Custom profiles for: Microsoft SharePoint, Outlook Web Access, DotNetNuke, WordPress, and Joomla.

Slide Into Security

Configure Buffer Overflow Controls

Buffer overflow attacks can overwhelm systems by sending huge amounts of malicious data at them. Limit the size of data allowed in: URL, user-agent, cookie name and value, Post-Limit, and more.

Slide Into Security

Powerful Access Control

Control access to resources by file type or URL, so only those who need access to sensitive data have it. Manage file uploads and allowable file types to prevent malicious uploads.

Slide Into Security

Secure Against International Threats and Block IPs

The threat from international hackers is persistent and growing. IP policy controls provide the tools to block specific IP address, IP ranges, or even entire countries.

Slide Into Security

Protection Against Bots and Script Kiddies

Protect against bots and script kiddies by configuring bot detection settings. Stop bots right in their tracks after a certain number of requests or errors. You can can also blacklist known bot user-agents

Slide Into Security

Error Handling

Server errors can divulge vital information that can make it easier to hack a system. Serve custom templates to prevent sensitive information from being divulged.

Slide Into Security

Why Secure with ServerDefender VP?

Providing security for your cloud instances is a high priority, but why should you choose ServerDefender VP?

  • Host-based security built perfectly for cloud deployments

  • Launch instantly secure cloud instance on AWS in minutes

  • PCI compliant web application security for payment processing and ecommerce

  • Protection for the application layer against web-based threats

  • Developed and supported by a team of web security experts

  • Powerful granular controls to configure security to your site or app's needs

  • Better zero day protection with advanced rules-based security - that means no signature updates - ever

Powerful Security, Made Easy

ServerDefender VP Web application firewall is designed to provide powerful security against Web attacks in an affordable, easy-to-use package for IIS admins.

SDVP premium security will:

  • Stop hack attempts against IIS
  • Maintain Payment Card Industry Data Services Standard compliance
  • Prevent data theft and breaches
  • Stop unauthorized site defacement, file alterations and deletions

Dynamic IIS Security

The Internet is a dangerous and ever-evolving place. SDVP provides powerful Web app security to:

  • Block top known threats like SQL Injection and Cross Site Scripting
  • Learn to recognize and block new threats by analyzing all site traffic and flagging suspicious or malicious users
  • Dynamically tightens security if attacks increase
  • Deep packet analysis scans what's inside files, not just file types
  • Differentiate between harmful and harmless traffic to prevent false-positives
  • Granular rules let you shrink wrap security policies to fit your site's needs
  • SDVP's Web application security requirements are based on the OWASP Top Ten Project

IIS Security Made Easy

SDVP's intuitive user interface makes securing your web apps easier than ever.

  • Increase and decrease security levels with the click of a mouse using Enforcement Level slider
  • Security enforcement level icons let you know how firm your security is set against individual threats
  • Set rigid security without implementing complex rules

Security Information & Event Management (SIEM)

A Web application firewall that logs security data so you can see exactly what's happening on your sites - and alerts you when your away from your desk.

  • Interactive LogViewer
    See security events in real-time and customize security policies on the fly.
  • Flexible Alerts
    Alerts of web attacks sent right to your email (HTML and plaintext), SNMP, Windows Event Viewer (local and remote), and Syslog-NG.
  • Global and Site-Level Monitoring
    View security reports locally on your server or remotely via the Web.
  • Daily Reports
    Summaries of key site traffic trends and anomalies, emailed nightly.

PCI Compliant From Birth

The Payment Card Industry Data Security Standard (PCI DSS) based its Web application security requirements on the OWASP Top Ten Project. ServerDefender VP's security controls were modeled on that same project.

ServerDefender VP Web App Security Provides

  • Easy to use controls
  • Application-neutral - protect ASP.NET, ColdFusion, PHP or any other app on IIS
  • Helps achieve PCI DSS, HIPAA, and other security compliances
  • Stop hack attempts against IIS
  • Prevent data theft and breaches
  • Protection against code vulnerabilities

Learn More: Requirements »

Instance Options

Available EC2 Instance Types

ServerDefender VP is available on Amazon Web Services as an Amazon Machine Image (AMI). It can be purchased through the AWS Marketplace.


  • Instances
    • Available on all EC2 instance types
  • AMI Operating System
    • Windows Server 2008 R2
    • Windows Server 2012

Learn More: Overview »