This has happened twice in the last week. A product that was working normally, suddenly produces a 403 error. No changes to the system other than normal orders and adding new products. Error logs don't give any concrete reason for the error.
Here's the strange part - all of the product URLs are in the format xhtxxxxx. As in, www.domain.com/xhtxxxxx.html. If we add one extra character to the beginning of the product URL like xxhtxxxxx it works perfectly. And, when we add images we get the same problem. The files never get saved to the system as long as their name is xhtxxxxx, but work normally if we add an extra character at the beginning.
Is there a reserved character somewhere in Magento preventing us from using "ht" as the second and third character in a product name?
This sounds suspiciously like somebody's misguided attempt to protect Apache per-directory configuration files, such as .htaccess and .htpassword. I'm pretty sure that there's a directive somewhere that uses this pattern to block reading of those files.