The solution I’ve got in place now is modreqtimeout with header and body timeouts in place so people can’t just create a connection and stall it indefinitely.  This should mitigate the slow httpd style attacks we received yesterday.  This module is included in the stock Apache distribution so my home is that it is more stable and better tested.