I really like this postmortem RCA! The author has done an excellent job walking us through his thought process and explaining the discoveries.

One thing I'd add is putting HAProxy with stick-tables rules in front of the web server (even Apache) as a measure to protect against this form of DDoS attack.