Our web server is probably vulnerable to slowloris attack
We got a HackerOne bug report about some web server vulnerability (it seems to be not hardened against slowloris attacks):
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
See the attachment for more information about what they tested