Comment 5 for bug 392759

Jonathan Marsden (jmarsden) wrote : Re: apache2 DoS attack using slowloris

Apparently apache2-mpm-worker *is* the default choice of mpm, at least some of the time (though the machine I first checked on had apache-mpm-prefork, I am unsure why). My mistake, it would appear.

Using apache2-mpm-prefork would appear to be a viable workaround, unless it leads to performance issues on a heavily loaded server.

So this comes down to whether slowloris is "a serious remote denial of service" (since it does not cause local root privilege escalation or data loss, as far as I know).

Dekar: What makes you believe slowloris is a "serious remote denial of service"? Is it currently in widespread use? I have no idea what the criteria for "serious" might be!

In some ways, this bug is at its heart a request to package mod-antiloris. There appears to already be a libapache2-mod-antiloris package in Debian unstable and Debian testing; perhaps it can be synced into Ubuntu?