Login to your VPS. > Open IIS Manager. Under Connections pane, click on VPS Name.
After clicking VPS name, Open Request Filtering as shown in below image.
After Open Request Filtering thenMove to URL tab and click on Deny Sequence.
An Add Deny Sequence dialog box will appear, enter the URL sequence which you wish to block. For Example, if you wish to block the common SQL Injection term 'varchar', enter 'varchar' character sequence in the Deny Sequence box. When you wish to block entire directory access, give '..' as shown in below image.
Click OK.when anyone tries to enter any of the mentioned terms into your URL Sequence, they will receive the HTTP Error 404.5 – URL Sequence denied error message.