Dependency on the internet is escalating day by day, which makes it prone to myriad security threats, for instance phishing, SQL injection, malware and attacks. These threaten one or more of the CIA triad elements, which are Confidentiality, Integrity and Availability. Hence, ensuring continuous security has become an inseparable challenge. These threats could be detected by the classical mechanisms of security such as IDS (Intrusion Detection System), firewalls and antivirus, but after it happens, which means they act as healing tools but do not prevent the threats, also they do not provide detection for new threats, this is where the Honeypot comes in. Honeypot is a trap used to lure possible attackers and interact with them to detour, expose or prohibit per se attacks and to learn new attacker’s techniques. This paper presents a hybrid framework consisting of two types of honeypots to relieve the flaws of each type and offer the benefits of both types. Testing this framework with real DDOS (Distributed Denial of Service) attack traffic against a webserver has shown that it is not only practical, but also very efficient by keeping the web server’s availability for legitimate users.