http://deflate.medialayer.com/ – please, use this script.
If it’s a slowloris, which would use up all the connections and then keep the connections for a prolonged period of time, rather than a synflood on port 80, you could try the following to reduce the impact in the firewall:
/sbin/iptables -I INPUT -p tcp -m state --state NEW --dport 80 -m recent --update --seconds 15 --hitcount 10 -j DROP
A couple of other handy commands to see the pattern for the traffic on the machine:
tcpdump -nn 'tcp == 2' and port 80 -c 100 -i any tcpdump -Annvvs 1500 'tcp == 2' and port 80 -c 100 -i any