In a web.config usage of
<location path="does not exist on disk">
<!--DO NOT REMOVE - this is needed to allow url replacement to redirect user to correct location-->
<allow users="*" />
Resharper notes that this is an error, and that the solution is to remove this entire element.
Now take in the context of my comment inside my own real usage of the above config. That information is being used by http modules, and by not overriding the default security at this point would fail due to more restrictve default permissions being applied before the request can reach my model or handler.
I don't think you should recommend a user REMOVE a location element. You could leave it as an option further down, but leaving it as the default correction puts this in danger of a user substantially altering their application's security structure without even realizing something changed.