Content　Delivery　Networks　(CDNs)　are　designed　to　enhance　network　performance　and　protect　against　web　attack　traffic　for　their　hosting　websites.　And　the　HTTP　compression　request　mechanism　primarily　aims　to　reduce　unnecessary　network　transfers.　However,　we　find　that　the　specification　failed　to　consider　the　security　risks　introduced　when　CDNs　meet　compression　requests.　In　this　paper,　we　present　a　novel　HTTP　amplification　attack,　CDN　Compression　Format　Convert(CDN-Convet)　Attacks.　It　allows　attackers　to　massively　exhaust　not　only　the　outgoing　bandwidth　of　the　origin　servers　deployed　behind　CDNs　but　also　the　bandwidth　of　CDN　surrogate　nodes.　We　examined　the　CDN-Convet　attacks　on　11　popular　CDNs　to　evaluate　the　feasibility　and　real-world　impacts.　Our　experimental　results　show　that　all　these　CDNs　are　affected　by　the　CDN-Convet　attacks.　We　have　also　disclosed　our　findings　to　affected　CDN　providers　and　have　received　constructive　feedback.　©　2024　IEEE.