Improving Web Application Security: Threats and Countermeasures

You can use URLScan as another line of defense against denial of service attacks even before requests reach ASP.NET. You do this by setting limits on the MaxAllowedContentLength , MaxUrl and MaxQueryString attributes.

To throttle the request sizes, add the following configuration to URLScan.ini:

[RequestLimits] ; The entries in this section impose limits on the length ; of allowed parts of requests reaching the server. ;MaxAllowedContentLength=2000000000 ;MaxUrl=16384 ;MaxQueryString=4096