<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
			<clear />
			<rule name="SQL Injection" stopProcessing="true">
				<match url="^.*\.php.*$"/>
				<action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
			</rule></rules>
    </rewrite>
  </system.webServer>
</configuration>