Can I use wildcards in the web.config location path attribute?

Try this:

<configuration>
    <system.web>
        <httpHandlers>
            <add path="*.xml" verb="*" 
             type="System.Web.HttpNotFoundHandler" />
        </httpHandlers>
    </system.web>
</configuration>

By the way you could alternatively store all of your xml files within the App_Data directory. Storing files of any type in this directory will not be served to the web.


Another way is to use a request filter:

<system.webServer>
  <security>
    <requestFiltering>
      <fileExtensions>
        <add fileExtension=".xml" allowed="false" />
      </fileExtensions>
    </requestFiltering>
  </security>
</system.webServer>