It does, however, include the body - which would make e.g. uploads a bit of a problem (for us at least) - right?
Perfection would be a header-only timeout. But I believe the transport.respondingTimeouts.idleTimeout could be what we can use to deal - if I understand the attack correctly: