======Deny web access to a folder by adding a request filter to IIS7 web.config file======
=====Stop IIS from serving direct access to certain folders=====

IIS 7 by default doesn’t server some website folders and files such App_Data, App_Code, bin, App_GlobalResourses, App_LocalResources, Web.config, etc.

Open Internet Information Services Manager and select the website that you are interesting in denying web access to certain folders within that site.  You can either add a properly configured web.config file to the website root, or add a web.config file within the particular sub-directory of the root, to block access to those directories / folders from web browsers.  

Or you can use Request Filtering to Add a "Deny" list for each folder you want to restrict access, such as /data/, /_cgi-bin/, /admin/, etc.  This deny sequence list can be configured in the web.config file within the root, or you can deny access by creating a properly scripted web.config file within the 'denied' sub-folder itself.

=====Directions to Deny Direct Access to Certain folders using Request Filtering=====
  -In IIS 7 Manager, select the website under 'Sites"
  -Click  the '**Request Filtering**' icon in the middle pane
  -Select the '**-url**' Tab in the middle pane
  -Click '**Deny Sequence**' in the 'Actions' pane to the right side of the interface
  -Now, Add the path of the first sub-folder between forward slashes, such as **/data/**
  -Click the OK button to add that sub-folder to the Deny Sequence list in the 'url' Tab pane
  -Repeat 'Deny Sequence' to create a list of all folders for which direct web browser access should be denied
  -Switch from Features view by clicking the 'Content View' view at the bootm of the middle pane
  -Click Ok to Save the these additions to the web.config file
  -Test your web interface by trying to directly access any 'denied' folder in your url deny sequence list