Integrate apache mod reqtimeout to foil slowloris-like attacks etc (#139)

* Integrate apache mod reqtimeout to foil slowloris-like attacks and in general
drop slow resource hogging clients after a while.

Author: jonasbardino

.spellcheck-wordlist.txt

@@ -366,4 +366,6 @@ HTML
 html
 balancer
 JupyterHub
-SSLProxyCACertificateFile
+SSLProxyCACertificateFile
+ANTISLOWLORIS
+slowloris

Dockerfile.rocky9

@@ -128,6 +128,7 @@ ARG TWOFACTOR_AUTH_APPS=""
 ARG ENABLE_PEERS=True
 ARG ENABLE_QUOTA=False
 ARG ENABLE_ACCOUNTING=False
+ARG ENABLE_ANTISLOWLORIS=False
 ARG PEERS_MANDATORY=False
 ARG PEERS_EXPLICIT_FIELDS=""
 ARG PEERS_CONTACT_HINT="authorized to invite you as peer"
@@ -1033,6 +1034,7 @@ ARG TWOFACTOR_AUTH_APPS
 ARG ENABLE_PEERS
 ARG ENABLE_QUOTA
 ARG ENABLE_ACCOUNTING
+ARG ENABLE_ANTISLOWLORIS
 ARG PEERS_MANDATORY
 ARG PEERS_EXPLICIT_FIELDS
 ARG PEERS_CONTACT_HINT
@@ -1247,6 +1249,7 @@ RUN ./generateconfs.py --source=. \
     --gdp_id_scramble=${GDP_ID_SCRAMBLE} --gdp_path_scramble=${GDP_PATH_SCRAMBLE} \
     --enable_quota=${ENABLE_QUOTA} --quota_backend="${QUOTA_BACKEND}" \
     --quota_update_interval=${QUOTA_UPDATE_INTERVAL} \
+    --enable_antislowloris=${ENABLE_ANTISLOWLORIS} \
     --quota_user_limit=${QUOTA_USER_LIMIT} --quota_vgrid_limit=${QUOTA_VGRID_LIMIT} \
     --enable_accounting=${ENABLE_ACCOUNTING} --accounting_update_interval=${ACCOUNTING_UPDATE_INTERVAL} \
     --storage_protocols="${STORAGE_PROTOCOLS}" \

doc/source/sections/configuration/variables.rst

@@ -440,6 +440,9 @@ Variables
    * - ENABLE_ACCOUNTING
      - False
      - Enable additional storage accounting daemon and integration in the user pages.
+   * - ENABLE_ANTISLOWLORIS
+     - False
+     - Enable additional request timeout integration in apache to help foil slowloris-like attacks and drop resource hogging clients.
    * - ENABLE_GDP
      - False
      - Enable GDP mode for sensitive data with a lot of restrictions on access and logging