[aluminussoma]

Apache can mitigate slowloris attacks through mod_requesttimeout. I recommend using this.

[zzzcpan]

Both nginx and apache are vulnerable to slowloris. To mitigate an attack like that you need an architecture with a scheduler, that kills slow connections, not a naive event loop.