Block direct access to files on IIS

I have a multisite with one subsite being a members-only. I would like to prevent direct access to files in that members-only section. It contains mostly PDFs that I do not want to be accessible when nog logged in.
For permission management I use Press Permit which also has a ‘file url filter’ addon which does not work on the Windows server. When I activate the add on the files are no longer accessible for users wither (blank screen, server error?). I get the same behaviour when I make my own htaccess so I have been trying to accomplish what I want with the web.config file. No luck…

My approach would be: create a web.comfig in the uploads folder of the specific site (/wp-content/uploads/sites/5) with something along these lines in it:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="Prevent Direct Access To Files">
                    <match url=".*\.(pdf|doc|docx)$" />
                    <conditions>
                        <add input="{HTTP_REFERER}" pattern="^$" negate="true" />
                        <add input="{HTTP_REFERER}" pattern="^https://(.*\.)?mydomain\.nl/.*$" negate="true" />
                    </conditions>
                    <action type="Rewrite" url="/images/no_hotlinking_allowed.jpg" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

This specific code seems to do nothing at all, also not when I move it to the uploads ‘root’ (which already contains a web.config). I have managed to block access, but like with using htaccess, it is all or nothing.

Suggestions anyone?