Resolving…
It’s not DOS. Way more advanced. Abuser open constant connection to Apache. Apache has to wait for connection to complete based on it’s Timeout value. It never does, hence pages don’t deliver. Very clever. Yet too easy to solve… once you spend hours determining what it could be. 
Box17/www still attacked. Unfortunately due to Apaches limitations, there’s only so much you can stop of this kind of exploitation. So just have to wait until attack subsides (or hacker has filled up his emotional barrel with adequate self-satisfaction). Meanwhile site delivery will be on/off.