Board: Service Announcements
Topic: Re: [ANN] Anonymixer - the Anonymous Bitcoin Mixer
Post by Bill Gates on 28/08/2020, 16:13:27 UTC
--snip--

Also, as you are providing a letter of guarantee, use of a CDN would not allow MITM. Without using a CDN, you are just exposing your IP, i.e. 46.17.96.4, open for DDOS.

It's the other way around...
A CDN is just a content delivery network. It won't protect you against DDOS attacks.
Wrong. Cloudflare is a CDN and it does mitigate DDOS attacks. Read more about it here: https://www.cloudflare.com/ddos/. In fact, BitcoinTalk also uses Cloudflare for DDOS protection.
With regret, I am (for now) admitting defeat on the DDoS front, and we will soon be using Cloudflare to protect against DDoS attacks.


I do know one CDN that's giving away proxy functionality for free... And because they act as a proxy, they also mitigate DDOS attacks to a certain point (even though their primary function is being a caching proxy). However, this CDN DOES act like a MITM. I stay away from any mixer that uses this CDN, since they'll decrypt any data exchanged between me and the mixer and they'll be able to store the unencrypted data in a US-based server farm.
This depends on implementation. If the website owner is using HTTP then MITM is definitely possible. If HTTPS is used, where SSL is provided by Cloudflare, then also MITM is possible. But if HTTPS is used and SSL is provided by the hosting provider, then Cloudflare has no way to intercept. This helps to protect from DDOS as well as mitigate the risk of MITM.


I've actually written a complete thread about this in the past:
https://bitcointalk.org/index.php?topic=5247838
Please read and educate yourself before you push anybody towards Cloudflare in the future... Cloudflare is fine for any service that isn't privacy-focussed... But not if you think your clients don't want their details in an FBI/CIA/DOD/... database. I, for one, wouldn't care if the FBI knew I was buying new lightbulbs, so a lightbulb store could use Cloudflare.
On the other hand, I WOULD mind if the FBI knew I was mixing coins, or buying a subscription to a porn site, or if I bought a new hunting knife. So if one of these businesses would use Cloudflare, I wouldn't touch them with a 20 foot pole.
Was not aware of this thread. It is a fantastic thread to be honest. I have merited whatever I had to this thread.


What the OP is doing is the best possible scenario...
Wrong. Part 2: A https site using its own certificate (aka, best case scenario) - this is the best case scenario when used in conjunction with Cloudflare, because Cloudflare mitigates the DDOS problem as well as hides the hosting IP from public eye.


BTW: there are other, better, more superior ways of dealing with a DDOS attack. If you're running an online service, and you need privacy for your users, you should stay away from Cloudflare...
Please enlighten the community with those superior ways to mitigate DDOS. BitcoinTalk may adopt those to get rid of Cloudflare as well.