The maxRequestLength attribute sets the limit for the input stream buffering threshold in KB. Attackers can use large requests to cause denial-of-service attacks.

The recommended value is 4096 KB but you should try setting it as small as possible according to business requirements.

The following example shows the maxRequestLength attribute set to a high value (255 MB) in a Web.config file for ASP.NET:

Unless such a high value is strictly needed, it is better to set the recommended value (4096 KB):

MSDN: HttpRuntimeSection.MaxRequestLength Property.