 <?xml version="1.0" encoding="UTF-8"?>
 <configuration>
   <system.webServer>
     <security>
       <authorization>
         <remove users="*" roles="" verbs="" />
         <add accessType="Deny" users="*" />
       </authorization>
     </security>
   </system.webServer>
 </configuration>
