Hardening uploads folder in IIS breaks images

I don’t know if that is the right way but the last time I worked with IIS, I used this code to prevent the loading of an PHP script in the uploads folder.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <location path="wp-content/uploads">
    <system.webServer>
        <security>
            <requestFiltering>
                <fileExtensions>
                    <add fileExtension=".php" allowed="false" />
                </fileExtensions>
            </requestFiltering>
      </security>
    </system.webServer>
 </location>

</configuration>

If you try to execute a PHP script in uploads folder or in the subfolders it will result in an 404 Error.

I hope it helps you further.

Usefull Links to that subject:

Translate .htaccess Content to IIS web.config – docs.microsoft.com

My WordPress web.config – saotn.org

tech