The domain is proxied over cloudflare and the access log shows a large number of requests to the website from the cloudflare servers
121115 162.158.88.4
121472 162.158.89.99
121697 162.158.90.176
122265 162.158.91.97
122969 162.158.93.113
125020 162.158.91.103
126132 162.158.90.194
128913 162.158.91.25
128980 162.158.93.89
the requests were all GET / and the rate at which it is done mostly is extremely high pointing to a Layer 7 attack
We cant block the cloudflare IP's on the server as other sites (its a shared hosting server) may be using Cloudflare . At the moment the target IP on the server is blocked at the network level.Luckily the domain was using a dedicated IP
As I already said, Apache handles this pretty well , the only small issue I see is the server load getting a bit above normal and the Apache scoreboard getting filled up, but with Nginx the entire webstack freeze with the CLOSE_WAIT state and ESTABLISHED state extremely high and we can bring back things to normal only after disabling Nginx . Once Nginx is disabled, the CLOSE_WAIT and ESTABLISHED states clear off immediately too