Abstract:
Content Delivery Networks (CDNs) provide high availability, speed up content delivery, and safeguard against DDoS attacks for the websites they host. To achieve these objectives, CDNs design several back-to-origin strategies that proactively pre-pull resources and modify HTTP requests and responses. However, our research reveals that these back-to-origin strategies prioritize performance over security, which can lead to excessive consumption of the website's bandwidth. We propose a new class of amplification attacks called Back-to-Origin Amplification (BtOAmp) attacks. These attacks allow malicious attackers to exploit the back-to-origin strategies, triggering the CDN to greedily demand more resources than necessary from websites, which ultimately overwhelms the websites. We evaluated the feasibility and real-world impact of BtOAmp attacks on fourteen popular CDNs. Our real-world threat evaluation shows that the attack threatens all mainstream websites hosted on CDNs. We responsibly disclosed the details of our attack to the affected CDN vendors and proposed possible mitigation solutions. © USENIX Security Symposium 2024. All rights reserved.
Year: 2024
Page: 5717-5734
Language: English