The use of the CDN allows to successfully overcome the problem of DDoS-attacks, because CDN has many servers allowing to cope with high loads much better than it will be done much better than it will be done by dedicated server. Nevertheless, you server may still appear in CDN network as an origin server, that will serve content to CDN network when it is necessary. So the hacker attacks may be targeted on it. However, there is a good way to protect your origin. The main idea is to prevent the requests to it from sources other than CDN. The requests should be allowed to CDN only. The best way to achieve such result, and the most simple, by the way, is the creation of complex and not easy to read hostname. For this you may use random letters and numbers, such as dasdfads48GSDGsdagsad.yourdomain.com. This hostname will be known only to your CDN, to the owner of the origin and to your DNS provider. May such hostname be guessed? Yes, in theory, but it is very hard to do it. All you have to do is to allow the access to queries that have such hostname in their header.