This is really "How to crash a web server 101."
Place a .htaccess fill somewhere above docroot. Especially in the server root directory.
This returns the usual 403:
You don't have permission to access / on this server."
Which is a bit misleading. I was looking in docroot and seeing nothing wrong. Then it transpired that all sites on the server were getting the same error.
I looked in the error_log and saw:
"[Fri Jan 18 18:30:56 2013] [crit] [client 0.0.0.0] (13)Permission denied: /.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable"
Which I still interpreted wrongly as referring to docroot.
Then the penny dropped - I had inadvertently dropped an .htaccess into the server root "/" that was unreadable by apache (ie it was owned by root:root without global read).
I removed it and everything was OK.
So my questions are:
1) Why does Apache search above the docroot anyway?
2) Is there a way of stopping it searching above docroot?
Just in case this happens again!