This conversation should be followed by a fair comparison of how other webservers perform under this type of attack, then a preview of the types of tools that should be used to mitigate this kind of attack. Nginx's max body size is a good start. I believe there is also an nginx module to complete the request's upload before sending it upstream.