Great post. One thing though. Maybe the engineers were misguided but its possible they were trying to mitigate slow loris attacks. Which are annoying to deal with and hard to separate from users who are just sending data at a really slow pace. Having had to mitigate these attacks before, we usually do a global timeout on the backend. Maybe different but definitely a possibility.