There are several ways to stop ddos on apache. Have you tried any?
Using IPtables:
Iptables Limits Connections Per IP


The syntax is as follows:
/sbin/iptables -A INPUT -p tcp --syn --dport $port -m connlimit --connlimit-above N -j REJECT --reject-with tcp-reset
# save the changes see iptables-save man page, the following is redhat and friends specific command
service iptables save
Example: Limit SSH Connections Per IP / Host

Only allow 3 ssg connections per client host:
/sbin/iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT
# save the changes see iptables-save man page, the following is redhat and friends specific command
service iptables save
Example: Limit HTTP Connections Per IP / Host

Only allow 20 http connections per IP (MaxClients is set to 60 in httpd.conf):
WARNING! Please note that large proxy servers may legitimately create a large number of connections to your server. You can skip those ips using ! syntax
/sbin/iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset
# save the changes see iptables-save man page, the following is redhat and friends specific command
service iptables save

Skip proxy server IP 1.2.3.4 from this kind of limitations:
/sbin/iptables -A INPUT -p tcp --syn --dport 80 -d ! 1.2.3.4 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset
Example: Class C Limitations

In this example, limit the parallel http requests to 20 per class C sized network (24 bit netmask)
/sbin/iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 24 -j REJECT --reject-with tcp-reset
# save the changes see iptables-save man page
service iptables save
Example: Limit Connections Per Second

The following example will drop incoming connections if IP make more than 10 connection attempts to port 80 within 100 seconds (add rules to your iptables shell script)
#!/bin/bash
IPT=/sbin/iptables
# Max connection in seconds
SECONDS=100
# Max connections per IP
BLOCKCOUNT=10
# ....
# ..
# default action can be DROP or REJECT
DACTION="DROP"
$IPT -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
$IPT -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds ${SECONDS} --hitcount ${BLOCKCOUNT} -j ${DACTION}
# ....
# ..
How Do I Test My Firewall Working?

Use the following shell script to connect to your web server hosted at 202.1.2.3:
#!/bin/bash
ip="202.1.2.3"
port="80"
for i in {1..100}
do
# do nothing just connect and exit
echo "exit" | nc ${ip} ${port};
done
OR:

These are few steps to be taken when you feel that the server is under attack:
--------------------------------------------------------------------------------
-
Step 1: Check the load using the command "w".

Step 2: Check which service is utilizing maximum CPU by "nice top".

Step 3: Check which IP address is taking maximum connection using the command:

netstat -anpl|grep :80|awk {'print $5'}|cut -d":" -f1|sort|uniq -c|sort -n
netstat -an|awk '/tcp/ {print $6}'|sort|uniq -c

Step 4: Check the IP address of the server having maximum connection using the
command:

netstat -alpn | grep :80 | awk '{print $4}' | cut -d: -f1 |sort |uniq -c

Step 5: Then block the IP address using APF firewall "apf -d <IP address>" or
using CSF firewall "csf -d <IP address>
--------------------------------------------------------------------------------
-

In future, to avoid DDoS attack or to lower its intensity you can install the
following modules.

============
*Mod_security: Since DDoS often targets HTTP (port 80), it is a good idea to
have a filtering system for Apache. 'Mod_security' will analyze requests before
passing them to the web server.

*Mod_dosevasive: This is an Apache module which performs 'evasive' action in the
event of an HTTP DDoS attack or brute force attack.

*(D)DoS Deflate: This is a shell script which assists in combating denial of
service attacks.
============

Please go through the following URLs for more information on how to install
"mod_security", "mod_evasive" and "dos_deflate" on your server:

-------------------
http://prasadnaik15.wordpress.com/ho...t-ddos-attack/
-------------------
http://www.eth0.us/mod_evasive
-------------------
http://forum.whmdestek.com/security/...tallation.html
-------------------

You can also enable Sysctl protection against DDoS. Please go through the
following URL for more information in this regard:

----------
http://forums.softlayer.com/showthread.php?t=304 [use your portal
username/password to login]

As mentioned by others, having some connections in TIME_WAIT is a normal part of the TCP connection. You can see the interval by examining /proc/sys/net/ipv4/tcp_fin_timeout:
[root@host ~]# cat /proc/sys/net/ipv4/tcp_fin_timeout
60

And change it by modifying that value:
[root@dev admin]# echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout

Or permanently by adding it to /etc/sysctl.conf
net.ipv4.tcp_fin_timeout=30

Also, if you don't use the RPC service or NFS, you can just turn it off:
/etc/init.d/nfsd stop

And turn it off completely
chkconfig nfsd off