Adobe Experience Manager Sites & More

Step 1: Configure DNS to Point Apex to Imperva WAF

If you're using a naked domain (abc.com), CNAME records won’t work (as CNAME is not allowed at the apex in most DNS providers).

You must:
  - Use ANAME or ALIAS record (supported by providers like Cloudflare, AWS Route 53, DNSMadeEasy).
  - Or use A records pointing to Imperva WAF edge IPs (confirm with Imperva).

Step 2: Ensure WAF is Handling abc.com Separately
Even though the certificate covers abc.com, Imperva must have a separate policy/config for the apex domain, not just www.abc.com.

Verify:
  - That abc.com is added as a separate domain/entry in Imperva.
  - The Origin (Adobe CDN ingress) is same as www.abc.com.
  - The Host header, SNI, X-Forwarded-Host, and X-AEM-Edge-Key are set identically for both domains.
Example for abc.com at WAF:

Origin: publish-p<PROGRAM_ID>-e<ENV_ID>.adobeaemcloud.com
SNI: publish-p<PROGRAM_ID>-e<ENV_ID>.adobeaemcloud.com
Host: publish-p<PROGRAM_ID>-e<ENV_ID>.adobeaemcloud.com
X-Forwarded-Host: abc.com
X-AEM-Edge-Key: <value-from-cloud-manager>

Step 3: Verify AEM Domain Mapping

Make sure both www.abc.com and abc.com are mapped in AEM Domain Mapping UI (via Admin Console):

  - Login to AEM as a Cloud Service Admin

  - Go to Tools > Cloud Services > Domain Mapping

  - Add both abc.com and www.abc.com with their respective SSL domains and environments.

Step 4: Redirection (Optional but Recommended)

Decide:

  - Do you want to serve content from both domains?

  - Or force redirect from abc.com to www.abc.com?

If redirect is preferred:

  - Do it at WAF level or DNS/CDN level, not in AEM.

Imperva can handle this as a custom rule:

If request.host == "abc.com" then 301 Redirect to "https://www.abc.com" + request.uri

Note:

Naked domain requires extra handling due to DNS limitations (no CNAME at apex).

Confirm all settings in Imperva for abc.com mirror those of www.abc.com.

Regards,
Amit