IIS Tilder Vulnerebility "~" Fix on Azure

I'm writting a website and right now doing the penetration test. However my test keep failed on the windows short file disclosure issue. You can refer the link as i posted [login to view URL] Each time enter [login to view URL]*~1, my IIS will return Error 404 instead of custom error page. My client is using Azure VM Server 2012R2 and running IIS 8.5 at the moment. I've tried the following: 1. Deny URL sequence with "~" in Request Filtering in IIS. 2. Used URL rewrite with pattern (^[^\?]\~.\?.$)|(^[^\?]\~.*$), action: Abort Request 3. Tried URLScan 3.1 but seem no more working for IIS 8.5. 4. Tried with new project and create only 1 html file for test. 5. Disabled NtfsDisable8dot3NameCreation under registry. 6. Scanned c:\inetpub and there is 0 window short file name. 7. Run windows update All above with no luck. If you got better solution, please let me know and i will reward you. Attached with my [login to view URL] file for your reference.