By default, IIS handlers defined in customers’ web.config files override those defined on the web server level. You can prohibit customers from overriding the handlers via the web.config files. Go to Tools & Settings > Security Policy and select Prohibit the ability to override handlers via web.config.

Please note the following:

• Choosing this option will increase the security but may impact the operation of some customer’s applications.
• This option will influence newly created domains only. The existing domains must be reconfigured for the new policy to take effect.