How mitigate DDOS or only access to ip's cloudflare to ports 80 and 443?

[wonder_wonder]

Hello,
I have had a relatively serious problem for a few days. I have a VPS and I am suffering an attack, almost daily, which I think is DDOS, many connections from different IP's.
I have lowered the value of CT_LIMIT and this is mitigating the attack, but as I lower it, they lower the number of connections per ip and increase the ip's.
I had to get the CT-LIMIT value down to 5 (for a few hours).
I have mod_remotip installed, I am behind cloudflare and I have the VPS (it is in CentOS) configured as indicated here.
https://support.cloudflare.com/hc/es-es ... con-Apache

Do you know if there is any way to mitigate this, giving only access to the cloudflare ip's to port 80 and 443?

I also have other settings in this firewall configured for this type of attack, I have read all the guides that I have found on the internet.

Thanks and regards!