[meekmind]

I've run into a very similar issue, but it was bots - not the CDN provider.

Every day (to this day) we're getting thousands of requests for images that no longer exist on our CDN (because they were stale/deleted). The CDN normally does not hit the origin machine (where the images are hosted) unless it cannot find the images on the CDN, at which point it queries the origin for the image. Problem was, the image no longer existed on the origin. I didn't expect the origin would receive much traffic, but suddenly it's receiving a ton of traffic.

I was very confused because, at first glance, it looked like I was being attacked by my own CDN provider given the tremendous traffic and the fact that the CDN provider was the only thing allowed to access that box (the origin).

At any rate, I contacted the CDN provider and informed them that thousands of requests that resulted in 404's were taking down my website. They told me there was nothing they could do.

In any case, I managed to wrangle together some new infra to handle it. I don't think whoever was hitting the CDN for those images was malicious. However, it occurred to me that had they been malicious, then they could have just hit random non-existent file-names at a much higher rate and done a lot more damage.