Hyper (HTTP library used by Ferron) has request header timeout of 30s by default if a timer is set. Ferron sets the timer for Hyper for request header timeout to work, thus mitigating Slowloris.
Offering more detailed timeouts for other stages of the request would be great, too.
For example with HAProxy you can configure separate timeouts for just about everything. The time a request is queued (if you exceed the max connections), the time for the connection to establish, the time for the request to be recived, inactivity timeout for the client or server, inactivity timeout for websocket connections... The list goes on: https://docs.haproxy.org/3.1/configuration.html#4-timeout%20...
Slowloris is more than just the header timeout. What if the headers are received and the request body is sent, or response consumed very slowly? And even if this is handled with a "safe" default, it must be configurable to cater to a wide range of applications.
