Hashicorp Consul. Set up health check and go. There is another option with haproxy. Yes, there are enough ways. Only if the projects are serious, then all this is half-measures. It will be more expensive to set up and learn on your own than to use, for example, WAF + Cloudfront in aws

It's easy to defend against 300,000 requests per hour. Read here - DDoS attack on nginx with 1 byte packets?

1. The ideal solution is to take 3 VPS and set up an Nginx balancer between VPS, the issue price will be about 1000 rubles / month.
2. Choose a VPS with a wide channel of 200-300Mbps (although in fact 100 is enough if your site is optimized), one VPS (backup) can be placed abroad.
3. Set up protection: if the site is for Russia, then IP addresses from other countries can be blocked, protected from hotlinks, set up fail2ban, set up iptables,...
As a result, get protection from at least 3,000,000 requests per hour.
Check with tests how many requests your server can process now, maybe it suffocates even at 20 requests per second.
IMHO it's normal if it now processes at least 50 per second.
And most importantly, abandon Apache))
And if you also just have cheap hosting, then just take VPS for a start.
Or switch to a web hosting with an expensive tariff (with DDoS protection), but this solution is worse than VPS and more expensive.

from serious ones, except perhaps with a piece of iron on a switch