Azure Deployment slots whitelist ip

I currently started to work on an web app, in ASP.NET MVC, hosted in azure as an web app. I created a deployment slot (staging, not a production slot) and i would like to know what should i do to block access on that slot from all IP addresses, excepting white listed ones.

I tried from web config by adding this part of code there.

<rules>
    <rule name="Block unauthorized traffic to staging sites" stopProcessing="true">  
    <match url=".*" />  
    <conditions>  
    <!-- Enter your staging site host name here as the pattern-->  
    <add input="{HTTP_HOST}" pattern="^mysite\-staging\." />  
    <!-- Enter your white listed IP addresses -->  
    <add input="{REMOTE_ADDR}" pattern="123\.123\.123\.1" negate="true"/>  
    <!-- Add the white listed IP addresses with a new condition as seen below -->  
    <!-- <add input="{REMOTE_ADDR}" pattern="192\.255\.42\.2" negate="true"/> -->  
    </conditions>  
    <action type="CustomResponse" statusCode="403" statusReason="Forbidden"  
    statusDescription="Site is not accessible" />  
    </rule>  
</rules>

But on deployment it returns this error from the server:

Module     IIS Web Core
Notification       Unknown
Handler    Not yet determined
Error Code     0x80070032
Config Error       The configuration section 'rules' cannot be read because it is missing a section declaration

IIS Version 10.0.

Do you know how should i do to restrict access as mentioned above (maybe something similar that you tried and worked)

Thanks!

Not sure if it was a typo when you pasted the config into your questions, but you are not closing <rules> correctly. Change the final <rules> to </rules>