Processwire IIS 7.5 web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<!--<configSections>
<sectionGroup name="system.webServer">
<sectionGroup name="rewrite">
<section name="rewriteMaps" overrideModeDefault="Allow" />
<section name="rules" overrideModeDefault="Allow" />
</sectionGroup>
</sectionGroup>
</configSections>-->
<system.webServer>
<security>
<requestFiltering>
<denyUrlSequences>
<add sequence=".inc" />
<add sequence=".info" />
<add sequence=".sh" />
<add sequence=".sql" />
<add sequence="\..*" />
</denyUrlSequences>
<fileExtensions>
<add fileExtension=".sql" allowed="false" />
</fileExtensions>
</requestFiltering>
</security>
<directoryBrowse enabled="false" />
<rewrite>
<rules>
<rule name="Handle request for missing favicon.ico" stopProcessing="true">
<match url="favicon\.ico" />
<action type="CustomResponse" statusCode="404" subStatusCode="1"
statusReason="The requested file favicon.ico was not found"
statusDescription="The requested file favicon.ico was not found" />
</rule>
<rule name="Handle request for missing robots.txt" stopProcessing="true">
<match url="robots\.txt" />
<action type="CustomResponse" statusCode="404" subStatusCode="1"
statusReason="The requested file robots.txt was not found"
statusDescription="The requested file robots.txt was not found" />
</rule>
<rule name="Access Restrictions: Keep web users out of directories">
<match url="(^|/)\." ignoreCase="false" />
<action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
<rule name="Access Restrictions: Protect ProcessWire system files" stopProcessing="true">
<match url="^.*$" ignoreCase="false" />
<conditions logicalGrouping="MatchAny">
<add input="{URL}" pattern="(^|/)site/assets/(cache|logs|backups|sessions|config|install)($|/.*$)" ignoreCase="false" />
<add input="{URL}" pattern="(^|/)site/install($|/.*$)" ignoreCase="false" />
<add input="{URL}" pattern="(^|/)site/config\.php$" ignoreCase="false" />
<add input="{URL}" pattern="(^|/)(wire|site)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$" ignoreCase="false" />
<add input="{URL}" pattern="(^|/)site/templates($|/|/.*\.(php|html?|tpl|inc))$" ignoreCase="false" />
<add input="{URL}" pattern="(^|/)site/assets($|/|/.*\.php)$" ignoreCase="false" />
<add input="{URL}" pattern="(^|/)wire/(core|modules)/.*\.(php|inc|tpl|module)$" ignoreCase="false" />
<add input="{URL}" pattern="(^|/)site/modules/.*\.(php|inc|tpl|module)$" ignoreCase="false" />
<add input="{URL}" pattern="(^|/)(COPYRIGHT|INSTALL|README|htaccess)\.txt$" ignoreCase="false" />
<add input="{URL}" pattern="(^|/)site-default/" ignoreCase="false" />
</conditions>
<action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
<rule name="ProcessWire Rewrite" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions logicalGrouping="MatchAll">
<add input="{URL}" pattern="^/~?[-_.a-zA-Z0-9/]*$" ignoreCase="false" />
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
<add input="{REQUEST_FILENAME}" pattern="(favicon\.ico|robots\.txt)" ignoreCase="false" negate="true" />
<add input="{URL}" pattern="\.(gif|jpg|png|ico)$" negate="true" />
</conditions>
<action type="Rewrite" url="index.php?it={R:1}" appendQueryString="true" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>