Hi @freitasm,
I’m by no means an IIS expert, but what error logs do you have when the HTTP 403 is served? I wonder if Request Tracing would reveal something about why IIS is not able to authenticate the “client” (in this case Cloudflare):