Back to Blog
Networking

What Is a CDN and How It Hides the Real Server IP

By Kunal KhatriFeb 28, 2026
What Is a CDN and How It Hides the Real Server IP

A Content Delivery Network is a globally distributed system of servers that cache and deliver content from locations close to the user. The performance benefit is real and measurable. The security benefit — hiding your origin server from DDoS attacks and direct exploitation — is equally important but less discussed.

How a CDN Works

When you point your domain's DNS to a CDN like Cloudflare, Fastly, or AWS CloudFront, incoming requests hit the CDN's edge servers — distributed across data centres in dozens or hundreds of cities — rather than your origin server directly. The edge server checks whether it has a cached copy of the requested resource. If yes, it serves it immediately from the nearest location. If not, it fetches from your origin, caches the response, and serves it.

A user in Sydney requesting your website served from a CDN with an Australian edge node gets the response in 20ms. Without the CDN, that same user might be connecting to a server in Frankfurt — 300ms of latency minimum, just from the physical distance.

The IP Concealment Effect

Once traffic flows through a CDN, DNS resolves your domain to the CDN's IP addresses — not your origin server's IP. A DDoS attacker, a bot scanner, or a reconnaissance tool looking up your domain sees Cloudflare's or Fastly's IP. They can flood those IPs all they want — CDNs are built to absorb volumetric attacks at a scale no individual server could handle.

The protection has a fatal flaw, though — it only works if your origin server's real IP is actually hidden. If you've ever sent email directly from your server, had SSL certificates issued before the CDN was set up, or had your domain's IP in old DNS records that are cached somewhere, your origin IP can be found. Historical DNS records are publicly available through services like SecurityTrails.

Cloudflare as a Case Study

Cloudflare is the dominant CDN for small to medium sites — free tier, easy setup, and genuinely powerful DDoS mitigation. They handle over 20% of all internet traffic. When a site moves to Cloudflare, its traffic suddenly originates from Cloudflare's IP ranges instead of the original server. This also means Cloudflare can see all your unencrypted HTTP traffic — a privacy trade-off that most site owners make without fully considering it.

CDN Privacy Trade-offs Nobody Discusses

There's a model inversion that happens when you use a major CDN. Before the CDN: your users trust you with their traffic. After the CDN: your users' traffic goes through the CDN's infrastructure first. Cloudflare can see every HTTP request — headers, cookies, form data on unencrypted connections — for any site behind it. They've committed not to abuse this position. But the trust relationship has shifted from user-to-website to user-to-Cloudflare-to-website.

This matters at scale. Cloudflare handles somewhere around 20-25% of all internet traffic. A legal order compelling Cloudflare to hand over traffic data, or a security breach at Cloudflare, would have an impact far beyond any individual website. The performance and security benefits are real. So is the centralisation risk. It's worth knowing you're making that trade when you set up a CDN.

Look Up Any IP or Domain

Check who owns an IP address and whether it belongs to a CDN, hosting provider, or end user.

IP Lookup Tool
KK

About Kunal Khatri

Kunal is a network security specialist and systems administrator with 8+ years of experience auditing secure connections and building network infrastructure.

Share this article: