Just wondering if it would be useful to have a LimitRequestRate configuration directive, which would then mitigate against Slowloris and friends?

For instance, if Timeout is 5 seconds, Slowloris will push 8 bytes through the pipe every 5 seconds (X-a: b\r\n), giving it the rate of 1.6 bytes per second. Quite obviously, this kind of input rate is not something today's machines and networks are experiencing on a regular basis, so requiring say 100 bytes per second or more in this scenario would help against this kind of attack. In combination with other Limit directives, the attacker would hit disconnect much faster, hopefully giving legitimate clients more chance to get a thread/process.

Disclaimer: not a security expert by any stretch of imagination. Bullshit filter advised :-)

--
Bojan
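
The following is an added example, not part of the original post and not Apache code: a small model of the check the proposed LimitRequestRate directive would perform, run against the post's numbers (Timeout 5, 8 bytes every 5 seconds, a 100 bytes/second floor). The names `Policy` and `drop_time`, the 10-second grace period, and treating a gap exactly equal to the timeout as on time are assumptions of this sketch.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    timeout: float         # max idle gap between reads, seconds (Apache's Timeout)
    min_rate: float = 0.0  # proposed LimitRequestRate, bytes/second; 0 = off
    grace: float = 0.0     # assumed warm-up before the rate is checked, seconds

def drop_time(chunks, policy):
    """Return when the server drops the connection, or None if it never does.

    chunks: (arrival_time_seconds, nbytes) pairs sorted by time, measured from
    accept(). The rate is checked on each read, which is enough here because a
    client must send at least once per timeout interval to stay connected.
    """
    last, received = 0.0, 0
    for t, nbytes in chunks:
        if t - last > policy.timeout:      # idle too long: plain Timeout fires
            return last + policy.timeout
        last, received = t, received + nbytes
        rate_checked = policy.min_rate and t > 0 and t >= policy.grace
        if rate_checked and received / t < policy.min_rate:
            return t                       # average input rate below the floor
    return None

# Constructed traffic. Trickle client from the post: 8 bytes (one short header
# line) every 5 seconds for 10 minutes, i.e. 1.6 bytes/second.
TRICKLE = [(5.0 * k, 8) for k in range(1, 121)]
# Constructed slow-but-honest client: 2000 bytes of request over 12 seconds.
SLOW_CLIENT = [(3.0, 500), (6.0, 500), (9.0, 500), (12.0, 500)]

TIMEOUT_ONLY = Policy(timeout=5)
WITH_RATE = Policy(timeout=5, min_rate=100, grace=10)

if __name__ == "__main__":
    for name, chunks in (("trickle", TRICKLE), ("slow client", SLOW_CLIENT)):
        for label, pol in (("Timeout only", TIMEOUT_ONLY),
                           ("with rate floor", WITH_RATE)):
            print(f"{name:12} {label:16} dropped at: {drop_time(chunks, pol)}")
```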
