Not long ago, it was discovered that some Web sites are vulnerable 
to a kind of attack in which executable code is sent to the Web page 
through the HTTP request buffer. In response to this threat, 
Microsoft introduced a new IIS registry key, MaxClientRequestBuffer. 
In IIS4, the default maximum size of the request buffer is 2MB, while 
in IIS5, it has shrunk to 128KB. If you wish to increase (not 
recommended) or decrease the size of the buffer, simply navigate to 
the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w3svc\parameters

Then edit the MaxClientRequestBuffer key. If this key doesn't exist, 
add it, and set its data type to REG_DWORD. Then, in the DWORD Editor, 
select Decimal under Radix, and then enter the number of bytes for 
the buffer.