Apache doesn't need "fixing" - this is the job of a firewall or IDS or some other such anti-DDoS software. That doesn't mean they couldn't incorporate some protocol patch or use asynchronous I/O or some other crap, but the reliance shouldn't be on Apache to block this. If you're running a website important enough to DDoS, you should have a heavy duty firewall and IDS and possibly reverse proxy in place as well.