I Have a application in my IIS but its paths, files are open to anyone that request them. I used url rules to block the access, but my application don't have access too when i do this. How I do to block access for external clients but not to my application? (My application access yours files like a client too Ex: The url to my application is www.example.com/app, but if the user type www.example.com/app/users.xml is possible access it. When I block, its not possible access xml file, but the application don't have access too, but i don't want this).
Please help me!