The Apache module mod_reqtimeout can be used to help mitigate WAS QID 150085 Slow HTTP POST on Linux. A link to Apache's documentation can be found here:
Below is how to enable this module for Ubuntu / Debian, as well as Red Hat / CentOS. After enabling this module, rescan to see if the vulnerability has been remediated.
Ubuntu / Debian:
1. Enable mod_reqtimeout:
$ sudo a2enmod reqtimeout
2. Restart Apache:
$ sudo /etc/init.d/apache2 restart
If needed, adjust the configuration for this module by editing this file:
Red Hat / CentOS:
1. Edit the Apache config file:
Add in this line and save:
LoadModule reqtimeout_module modules/mod_reqtimeout.so
2. Create the file /etc/httpd/conf.d/reqtimeout.conf with the following contents and save:
# Wait max 10 seconds for the first byte of the request line+headers
# From then, require a minimum data rate of 500 bytes/s, but don't
# wait longer than 20 seconds in total.
# Wait max 10 seconds for the first byte of the request body (if any)
# From then, require a minimum data rate of 500 byte/s.
3. Restart Apache:
$ sudo service httpd restart
Note that adjustments as desired can be made as desired to the config file for this module. Testing should be done to confirm module settings do not cause any problems with hosted web applications in use!