We need to install a Proxy Server (with Squid or better software) first on 1 linux (centos, unbunto...) server.
There should be a file to administrate which domain names are allowed. We will point DNS to this proxy. The proxy caches and ask the orignal servers in the background for the websites (http and https).
All not necessery processes (e.g. mysql, smtp. pop) should be disabled on this machine.
Installation of fail2ban, mod_evasive if possible/necessary.
After testing, the solution should be
a) put onto 2 further servers
b) put into a image for more installations