What Is a CDN and How It Hides the Real Server IP

A Content Delivery Network is a globally distributed system of servers that cache and deliver content from locations close to the user. The performance benefit is real and measurable. The security benefit — hiding your origin server from DDoS attacks and direct exploitation — is equally important but less discussed.

How a CDN Works

When you point your domain's DNS to a CDN like Cloudflare, Fastly, or AWS CloudFront, incoming requests hit the CDN's edge servers — distributed across data centres in dozens or hundreds of cities — rather than your origin server directly. The edge server checks whether it has a cached copy of the requested resource. If yes, it serves it immediately from the nearest location. If not, it fetches from your origin, caches the response, and serves it.

A user in Sydney requesting your website served from a CDN with an Australian edge node gets the response in 20ms. Without the CDN, that same user might be connecting to a server in Frankfurt — 300ms of latency minimum, just from the physical distance.

The IP Concealment Effect

Once traffic flows through a CDN, DNS resolves your domain to the CDN's IP addresses — not your origin server's IP. A DDoS attacker, a bot scanner, or a reconnaissance tool looking up your domain sees Cloudflare's or Fastly's IP. They can flood those IPs all they want — CDNs are built to absorb volumetric attacks at a scale no individual server could handle.

Here's the thing — this protection only works if your origin server's real IP is actually hidden. If you've ever sent email directly from your server, had SSL certificates issued before the CDN was set up, or had your domain's IP in old DNS records that are cached somewhere, your origin IP can be found. Historical DNS records are publicly available through services like SecurityTrails.

Cloudflare as a Case Study

Cloudflare is the dominant CDN for small to medium sites — free tier, easy setup, and genuinely powerful DDoS mitigation. They handle over 20% of all internet traffic. When a site moves to Cloudflare, its traffic suddenly originates from Cloudflare's IP ranges instead of the original server. This also means Cloudflare can see all your unencrypted HTTP traffic — a privacy trade-off that most site owners make without fully considering it.