Hello,
I haven't tried yet, but I'm looking for feature to limit whole request time. Currently I see only between-bytes timeouts, which is not enough. nginx is now vulnerable to slowloris attacks (attacker "only" need to open worker_connections * worker_processes connections).
Is anyone working or will work in near future (3-6 months) on such feature?