Can I use wildcards in the web.config location path attribute?

Question

In IIS 7 I try to deny access to all files with the extension .xml for all users.

I tried the following setting in my web.config file:

Answer 1

I have stumbled across this when searching for a way to change the security applied to all actions within a controller in a legacy application (ASP.NET MVC). I thought I need some sort of wildcard, but simply providing the path including the controller segment is enough:

This allows anonymous access to all actions within FooController.