Adobe Experience Manager Sites & More

Guglielmo89 · 3/25/25

Hi all,

I'm asking about this particular situation because I want to configure the Adobe Fastly CDN using a subdomain like dam.site.com for an existent website that is accessed through a custom (Imperva) CDN (www.site.com for the example).

The goal would be to access all the media in the dam through the Adobe CDN while maintaining the existing site with Imperva.

Now the custom CDN is pointing directly to the publish environment and if I try to access to this one I get 403 forbidden error, like if Imperva is cutting out every other connection to the env. I've not configured anything in the IP whitelist so I think that is Imperva that is doing this.

Would it be possible to configure an SSL certificate for dam.site.com in the cloud manager configurations?

Any of you had this kind of issue or is it an impossible matter to do with the same environment ?

Thank you!

arunpatidar · 3/25/25

Hi @Guglielmo89

Could you please check below if helps

https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/usi...

Arun Patidar

konstantyn_diachenko · 3/25/25

Hi @Guglielmo89 ,

Please check this official documentation: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/con.... It describes how to configure 3rd party CDN and allow access to it.

Long story-short: you have to configure Adobe CDN credentials. Direct access without a correct X-AEM-Edge-Key will be denied for all requests matching the condition (in the sample below that means all requests to the publish tier). If you need to gradually introduce authentication, please see the Migrating safely to reduce the risk of blocked traffic section.

Read about this configuration here: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/con...

Example of cdn.yaml

kind: "CDN"
version: "1"
metadata:
  envTypes: ["dev", "stage", "prod"]
data:
  authentication:
    authenticators:
      - name: edge-auth
        type: edge
        edgeKey1: ${{CDN_EDGEKEY_03252025}}
        edgeKey2: ${{CDN_EDGEKEY_03252026}}
    rules:
      - name: edge-auth-rule
        when: { reqProperty: tier, equals: "publish" }
        action:
          type: authenticate
          authenticator: edge-auth

Using at least one edgeKey as X-AEM-Edge-Key will allow you to connect your Imperva to AEM Publisher.

Best regards,

Kostiantyn Diachenko.

Kostiantyn Diachenko

Check out AEM VLT Intellij plugin

kautuk_sahni · 4/1/25

@Guglielmo89 Did you find the suggestions helpful? Please let us know if you need more information. If a response worked, kindly mark it as correct for posterity; alternatively, if you found a solution yourself, we’d appreciate it if you could share it with the community. Thank you!

Kautuk Sahni

Guglielmo89 · 4/1/25

Hi Kautuk,

It's still not very clear to me how to configure correctly everything for the "double" cdn pointing at the same publish instance.

I'll try also with the cdn yaml configuration file but it's still a bit confused. I have to do some tests.

Thank you anyway.

Guglielmo

konstantyn_diachenko · 4/1/25

Hi @Guglielmo89 ,

It's described in details here: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/con.... Please check it out.

Best regards,

Kostiantyn Diachenko.

Adobe Experience Manager Sites & More

Adobe and custom CDN together

Arun Patidar

Kostiantyn Diachenko

Check out AEM VLT Intellij plugin

Kautuk Sahni

Kostiantyn Diachenko

Check out AEM VLT Intellij plugin

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe