Constant concurrent connections drain my server storage
0 votes, 1 answer, 103 views
I apologize in advance if this question is in the wrong forum; this is my first question here!
My client has hosting with Aliyun Cloud (Alibaba Cloud in China). I've deployed a microsite to their servers, which has the following structure:
microsite.com -> CDN1 -> SLB -> 2x ECS -> DB ECS
oss.microsite.com -> CDN2 -> OSS
ECS instances under SLB have sticky sessions and serve only HTML responses. All other files (js, css etc.) are served from the OSS domain. These instances also use a database to store session data (e.g. user IP address, timestamp of last activity etc.).
After 3 weeks, the database instance ran out of 40GB of storage space. When I looked into it, I saw 23 million session entries.
ECS instances are under a constant 100-150 concurrent connections, day and night, 24/7, although the number of actual users (we use GA for tracking) is maybe 10-15 per day (the campaign hasn't started yet).
I am baffled, as client IT says this is "normal" and not an "attack" because it would be "much more severe". They have no explanation for where this traffic comes from. I can, however, see a constant flow of requests in the access log (tail -f access.log).
These are always there, day and night, whenever I SSH in. GA is empty, except when I or someone from the client side opens the microsite (as the link hasn't been pushed to the media yet).
Does anyone have any advice on what this is? It seems to me like some attempt to run the server out of resources, or some unsuccessful DDoS. But because it stays at 100-200 concurrent connections, no firewall / security rule is activated by Aliyun. I don't have access to the Aliyun console; I can only SSH into the servers.
I simply can't believe this is "normal". On CloudFlare I had options for bot protection, JavaScript challenge etc. Aliyun seems to have nothing. Or they simply don't care.
Some technical info:
All ECS instances are on Ubuntu 20.04. The web service is Apache2, with PHP7.4 and PHP7.4-FPM running. The database instance has MySQL8. The database instance only allows connections from the web server instances, and those allow HTTP connections only from the SLB (Server Load Balancer, equivalent to Elastic Load Balancer on AWS). This means that all traffic still has to come through the SLB to the instances under it.
Has anyone experienced anything like this? How can I protect my backend from it if they are unable to do it?
Asked by Siniša
(111 rep)
Aug 29, 2021, 09:17 AM
Last activity: Sep 7, 2021, 07:31 AM
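One way to find out what the constant flow in access.log is, given here as an added example and not as part of the original post: group requests by client and user agent and flag sources that arrive at a fixed interval, which is typical of automated pollers rather than people. It assumes Apache's "combined" LogFormat with the real client address in the first field (behind the SLB that means logging the forwarded address); `summarize`, the `ExampleProbe` user agent and the sample addresses are constructed for illustration.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Apache "combined": host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def summarize(lines, min_hits=4, max_jitter=1.0):
    """Group requests by (client, user agent) and flag fixed-interval sources."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[(m["client"], m["ua"])].append(ts)
    report = []
    for (client, ua), stamps in hits.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # Periodic: enough requests, and the gaps between them barely vary.
        periodic = len(stamps) >= min_hits and statistics.pstdev(gaps) <= max_jitter
        report.append({"client": client, "ua": ua, "hits": len(stamps),
                       "mean_gap_s": statistics.mean(gaps) if gaps else None,
                       "periodic": periodic})
    return sorted(report, key=lambda r: r["hits"], reverse=True)

# Constructed sample lines (documentation addresses), not taken from the post.
SAMPLE = [
    f'192.0.2.10 - - [29/Aug/2021:03:00:{s:02d} +0800] "GET / HTTP/1.1" 200 5120 "-" "ExampleProbe/1.0"'
    for s in range(0, 30, 5)
] + [
    f'198.51.100.7 - - [29/Aug/2021:03:{t} +0800] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'
    for t in ("00:02", "00:41", "03:17", "09:50")
]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

On a real server, pass it an open log file, for example `summarize(open("access.log"))`; sources reported as periodic with a small mean gap are the ones to trace back to their origin first.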