
Missing timeout http-request exposes HAProxy to Slowloris connection exhaustion

warning
security
Updated Nov 3, 2025
How to detect:

HAProxy without 'timeout http-request' configured is vulnerable to Slowloris attacks: an attacker sends partial HTTP requests slowly to keep connections open indefinitely, which exhausts connection slots in much the same way as flood-based exhaustion.

Recommended action:

Add 'timeout http-request 5s' to the HAProxy configuration to limit how long HAProxy waits for a complete HTTP request. This prevents attackers from holding connections open by sending slow or incomplete requests.
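One way to run this check against a configuration file, as an added example that is not part of the original rule or of HAProxy itself: it flags every frontend or listen section that neither sets 'timeout http-request' nor inherits it from the preceding defaults section. The function name and the sample configuration are constructed for illustration, and the sketch assumes anonymous defaults sections only (no named defaults or 'from' inheritance).

```python
SECTIONS = {"global", "defaults", "frontend", "backend", "listen",
            "userlist", "peers", "resolvers"}
CLIENT_FACING = {"frontend", "listen"}  # assumption: only these are audited

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CFG = """\
defaults
    timeout client 30s
frontend fe_api
    bind :8080
    # timeout http-request 5s   (commented out, so it does not count)
frontend fe_web
    bind :8081
    timeout http-request 5s
defaults
    timeout http-request 5s
listen stats
    bind :8404
"""

def missing_http_request_timeout(cfg_text):
    """Return 'kind name' for each frontend/listen section that has no
    effective 'timeout http-request' (local or from preceding defaults)."""
    findings = []
    defaults_ok = False            # does the latest defaults section set it?
    kind, name, ok = None, "", False

    def close_section():
        if kind in CLIENT_FACING and not ok:
            findings.append(f"{kind} {name}")

    for raw in cfg_text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tokens:
            continue
        if tokens[0] in SECTIONS:
            close_section()                      # judge the section just ended
            kind = tokens[0]
            name = tokens[1] if len(tokens) > 1 else ""
            if kind == "defaults":
                defaults_ok = False              # a new defaults resets inheritance
            ok = defaults_ok
        elif tokens[:2] == ["timeout", "http-request"] and len(tokens) > 2:
            ok = True
            if kind == "defaults":
                defaults_ok = True
    close_section()
    return findings
```

To audit a real file, pass its contents to `missing_http_request_timeout`; an empty list means every client-facing section has the timeout in effect.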