So the problem is that you are being DDOSed or that everything is stupid on Bitrix?
These are two different problems and they need to be addressed in different ways and in different places.
About DDOS you have already been answered - to filter traffic. Packets should not even reach the server, not to mention bitrix.
man iptables.
Regarding Bitrix - enable caching in the components - what difference does it make how many accesses you will have to the main one, if with the cache enabled, say for 10 hours, your heavy, unoptimized queries will be executed no more than once every 10 hours? At least bother. The component will work once and will spit out the code from the cache file until it becomes obsolete.

It doesn't matter what your site is. You need to filter requests at the iptables or hardware level.
It would also be cool to abandon apache in favor of the nginx + php-fpm bundle.

Turn off all Bitrix modules that load percents, install an intermediate filtering server with ipitables, set up caching and filters on the main server for all sorts of user agents and other things that give out bots.
Recently I fought off some incredible attack for my client, given that the client was small and why it was not clear why they bombed him so hard.

if anyone decides now to try to fill up the server

If your project is on a VPS, then it is, in principle, vulnerable to DDOS, because in the event of an attack, the hoster automatically migrates your virtual machine to a quarantine server so that requests to your VPS do not clog the hardware channel.
If the problem is in a three-story sql query, then cache this component for ages.
If the problem is that the resulting component cache is large (> 1MB), then either clean it up, or enable built-in caching on this page, or install a separate getcache module