Background: I have Apache 2 running on ubuntu. There is a low usage on it and mostly being accessed for a web service URL from mobile apps. It was working fine until I installed SSL certificates. I now have both http and https. When I access the server using https, I get a fairly quick response (but probably not as fast as before). When I use http, it's so slow.

What I tried: From this post:

• I curl localhost from the host and it takes some time, meaning there is no routing issue.
• The server runs on Amazon EC2 instance and is managed by me only.

Also:

• I see that Apache once running, creates the maximum number of processes it is allowed to, which was not the case before. I lowered the MaxClients to 20 and I think I'm getting faster responses but it still takes over a minute and I always have MaxClients Apache processes.
• dmesg returns many [ 1953.655703] TCP: Possible SYN flooding on port 80. Sending cookies.
• When I netstat I get many entries with SYN_RECV. Possibly a DDoS attack?
• From EC2's monitoring diagrams I see a pattern of high "Maximum Network In (Bytes)" since 2 days ago. By the way the server is still being tested, the actual traffic is very low and not consistent.
• I tried to go with this solution to limit incoming connections using iptables, still no luck, but I'm trying.

Question: What could be the problem? Is this a DDoS attack?