httpserver: Disable default timeouts (closes #1464)

Timeouts are important for mitigating slowloris, yes. But after a number
of complaints and seeing that default timeouts are a sore point of
confusion, we're disabling them now. However, the code that sets
default timeouts remains intact; the defaults are just the zero value.

While Caddy aims to be secure by default, Caddy also aims to serve a
worldwide audience. Even my own internet here in Utah is poor at times,
with bad WiFi signal, causing some connections to take over 10s to
be established. Many use the Internet while commuting on slower
connection speeds. Latency across country borders is another concern.

As such, disabling default timeouts will serve a greater population of
users than enabling them, as slowloris is easy to mitigate and does
not seem to be reported often (I've only seen it once). It's also very
difficult sometimes to distinguish slowloris from genuine slow networks.
That decision is best left to the site owner for now.

caddyhttp/httpserver/server.go

@@ -437,15 +437,9 @@ func (s *Server) OnStartupComplete() {
 }
 
 // defaultTimeouts stores the default timeout values to use
-// if left unset by user configuration. Default timeouts,
-// especially for ReadTimeout, are important for mitigating
-// slowloris attacks.
-var defaultTimeouts = Timeouts{
-	ReadTimeout:       10 * time.Second,
-	ReadHeaderTimeout: 10 * time.Second,
-	WriteTimeout:      20 * time.Second,
-	IdleTimeout:       2 * time.Minute,
-}
+// if left unset by user configuration. NOTE: Default timeouts
+// are disabled (see issue #1464).
+var defaultTimeouts Timeouts
 
 // tcpKeepAliveListener sets TCP keep-alive timeouts on accepted
 // connections. It's used by ListenAndServe and ListenAndServeTLS so