The Ipsecurity restriction set at the file level through the interface is not reflected in applicationhost.config or web.config

Problem 1: I have an asp.net 4 site hosted on IIS 7.5. I have a file that will only have access from a set of IP addresses and needs anonymous access.

• The following are the steps listed at http://www.iis.net/ConfigReference/system.webServer/security/ipSecurity
• The IP and domain roles are included .
• Selected the file in which to apply the restriction. Added restriction through the user interface.
• Rebooted the web server

I took a record like

<location path="WEBSITE/FILEPATH">
   <system.webServer>
      <security>
         <ipSecurity allowUnlisted="false">
            <add ipAddress="192.168.100.1" />
            <add ipAddress="169.254.0.0" subnetMask="255.255.0.0" />
         </ipSecurity>
      </security>
   </system.webServer>
</location>

in my applicationhost.config file . Unable to find.

Tried to search for entries in web.config WEBSITE. Also no.

: IIS Manager ?

2: <location> xlm web.config. 500. IP IIS,

This configuration section cannot be used at this path. 
This level happens when the section is locked at a parent level.
Locking is either by default(overrideModeDefault="Deny") 
or set explicitly by a location tab with overrrideMode="Deny" 
or the legacy allowOverride="false"

googling applicationHost.config ipSecurity

<sectionGroup name="system.webServer">
<!-- other stuff here removed for brevity -->
<section name="ipSecurity" overrideModeDefault="Allow" />
</sectionGroup>

.

<location path="" overrrideMode="Allow">
<system.webServer>
<modules>
<add name="IpRestrictionModule" lockItem="false"/>
</modules>
</system.webServer>
</location>

, - .

, .