I had this issue after switching from an Azure app service to DiscountASP.net. I just had to add the following to the web.config to fix the IIS config:
<system.webServer>
<security>
<requestFiltering>
<filteringRules>
<remove name="facebookexternalhit" />
</filteringRules>
</requestFiltering>
</security>
</system.webServer>
The first time I tried this it did not work. However, I emailed support and they explained THEY had to fix it “at the root.” So, for what it’s worth this does work, but in a shared hosting environment, you may need to put it in the server’s web.config, possibly replacing the rule name to what’s appropriate for your hosting provider.
Auri's Blog 