﻿<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>

        <rule name="AllowWithToken" stopProcessing="true">
          <match url=".*" ignoreCase="true" />
          <conditions logicalGrouping="MatchAll">
            <add input="{QUERY_STRING}" pattern="(^|&)mm_token=[A-Fa-f0-9]{32}($|&)" ignoreCase="true" />
          </conditions>
          <action type="None" />
        </rule>

        <rule name="BlockWithoutToken" stopProcessing="true">
          <match url=".*" ignoreCase="true" />
          <action type="CustomResponse"
                  statusCode="403"
                  statusReason="Forbidden"
                  statusDescription="Invalid token" />
        </rule>

      </rules>
    </rewrite>
  </system.webServer>
</configuration>
