<?xml version="1.0" encoding="UTF-8"?>
<!--
Configuration to block web access to secure folders
-->
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <clear />
                <rule name="BlockProtectedAssets" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="*" />
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>