On httpd this is just a single config line:

https://httpd.apache.org/docs/2.4/mod/mod_reqtimeout.html
RequestReadTimeout header=5-15,MinRate=500 body=20,MinRate=500

While we have rate limiting and max connections per IP/subnet to solve these problems on the firewall instead of in the attacked application, it makes me tired that, in the case of external security audits, I have to explain every single time that this is because of rate-control whitelists for the scanner IP.

Severity
Medium

Type
Configuration
Reported by module Slow_HTTP_DOS

Description
Your web server is vulnerable to Slow HTTP DoS (Denial of Service) attacks.

Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service.

Impact
A single machine can take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports.
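To see what the quoted `RequestReadTimeout` line actually buys you, the following added example (written for this post, not Apache's code) models mod_reqtimeout's deadline arithmetic: each stage starts with `timeout` seconds, every received byte pushes the deadline back by 1/MinRate seconds, and a `timeout-maxtimeout` range caps the extension. The sample client chunk patterns are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class Stage:
    timeout: float                  # initial seconds allowed for this stage
    max_timeout: Optional[float]    # None = the extension is uncapped
    min_rate: Optional[int]         # None = no MinRate, deadline never extends

def parse_request_read_timeout(directive: str) -> Dict[str, Stage]:
    """Parse one RequestReadTimeout line into {stage_name: Stage}."""
    stages = {}
    for token in directive.split()[1:]:          # skip the directive name
        name, spec = token.split("=", 1)         # e.g. header=5-15,MinRate=500
        parts = spec.split(",")
        lo, _, hi = parts[0].partition("-")      # "5-15" -> 5 and 15, "20" -> 20 and ""
        rate = None
        for opt in parts[1:]:
            key, value = opt.split("=", 1)
            if key.lower() == "minrate":
                rate = int(value)
        stages[name] = Stage(float(lo), float(hi) if hi else None, rate)
    return stages

def seconds_allowed(stage: Stage, bytes_received: int) -> float:
    """Deadline, in seconds since the stage began, after bytes_received bytes arrived."""
    if stage.min_rate is None:
        return stage.timeout
    extended = stage.timeout + bytes_received / stage.min_rate
    if stage.max_timeout is not None:
        return min(extended, stage.max_timeout)
    return extended

def simulate(stage: Stage, chunks: List[Tuple[float, int]]) -> Tuple[str, float]:
    """chunks = (arrival time, bytes); last chunk completes the stage.
    Returns ('timeout', deadline) if the server gives up first, else ('ok', t_last)."""
    received = 0
    for t, n in chunks:
        deadline = seconds_allowed(stage, received)
        if t > deadline:
            return "timeout", deadline
        received += n
    return "ok", chunks[-1][0]

# The setting from the post (constructed scenarios below).
CFG = parse_request_read_timeout("RequestReadTimeout header=5-15,MinRate=500 body=20,MinRate=500")
# A client trickling 8 header bytes every 2 s is dropped just after 5 s.
TRICKLE = simulate(CFG["header"], [(0.0, 8), (2.0, 8), (4.0, 8), (6.0, 8), (8.0, 8)])
# A client on a slow link sending a 2000-byte header at 400 B/s still gets through.
SLOW_LINK = simulate(CFG["header"], [(1.25, 500), (2.5, 500), (3.75, 500), (5.0, 500)])
```

Because MinRate rewards bytes actually delivered, the cap of 15 s only matters for clients that really send data; an idle connection is closed at the base 5 s regardless.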
