An ecommerce website hosted on Amazon EC2 instances with an Application Load Balancer (ALB) and Auto Scaling is facing performance issues due to high illegitimate request rates, possibly indicating a DDoS threat. What is the recommended solution to mitigate these threats while minimizing impact on legitimate users?