Our web server is probably vulnerable to slowloris attack

We got a HackerOne bug report about some web server vulnerability (it seems to be not hardened against slowloris attacks):

| http-slowloris-check:

| VULNERABLE:

| Slowloris DOS attack

| State: LIKELY VULNERABLE

| IDs: CVE:CVE-2007-6750

| Slowloris tries to keep many connections to the target web server open and hold

| them open as long as possible. It accomplishes this by opening connections to

| the target web server and sending a partial request. By doing so, it starves

| the http server's resources causing Denial Of Service.

See the attachment for more information about what they tested