I also implemented timeouts for response processing (including reading the request body from the client), to protect against Slow HTTP POST attacks.