It does not limit the number of connections. It limits the number of connections by ONE user. Does someone know if a typical Denial of Service attack uses a security context of one or many users? Why do I think it depends on how the hackers code it?

MaxActiveReqForOneUser - Specifies the maximum number of simultaneous connections that a single user can open to the report server. Once the limit is reached, further connection requests from the user are denied. For more information, see Limiting the Number of Open Connections.