I'm running:

Server version: Apache/2.4.3 (Unix)
Server built:   Jan 16 2013 15:46:54

on Oracle Linux: Linux dtci-radwebs02 2.6.32-279.11.1.el6.x86_64 #1 SMP Tue Oct 16 08:03:36 PDT 2012 x86_64 x86_64 x86_64 GNU/Linux

with hardening as per CIS. Everything has worked well with various browsers until today, when Noah's dad got out his IE6 and tried to access the site. He got 403 Access denied, but although there was an entry in the virtual host's access_log with that code, nothing was written to error_log.

I found that the 403 was issued regardless of whether the file existed or not (when other browsers return 404), which seems to indicate that the access problem is above the user's htdocs directory (feel free to correct this impression if necessary!). The httpd user has r-x access to htdocs and rwx to the log directory. If these permissions weren't correct, other browsers would complain, but it's only IE6 that is the odd one out.

I've seen a slightly similar problem reported, but it referred to newer versions of IE and didn't have a resolution.

The odd thing is that IE6 can access an equivalent page on my development server, but I have examined the permissions, ownership and config files and haven't (yet) detected any significant differences.

I'm going to run strace on all the httpd processes to see if that helps, but any other suggestions would be appreciated!