Dealing with DDoS attacks is just apart of running Internet services in general. Whether relying primarily on third party infrastructure (like cloudflare) or your own, mitigating these attacks without (extended) downtime is important.
Discussion
True, what is your practical tips to handle this (for now)? Especially since common affected software like Nginx and Caddy haven't fully solve this issue (yet) if i'm not mistaken.
I've heard that Nginx is currently preparing to issue a new patch that will be released to handle this CVE https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/