One of the reasons why I’ve been working with PSS on my gatherer logs is because I’ve been getting "Access Denied" errors in the logs. The initial suspicion was that a WSS site was linking to an external site, or a site that needed authentication.
By using the SQL query referred to in the link above, it was possible to identify the reason for the errors – DWT files had been placed in the document library. PSS have now given me this explanation:
Any relative path that includes _private or *.dwt and any file extension that ends in .dwt will cause SharePoint to return a 403 Forbidden response. This is by design. SharePoint code will not allow anything with _private or dwt relative paths in the code, nor will it allow .dwt files to be run, as it has the potential for malicious code to be executed. It’s the same reason that .asp files can’t be run out of databases.
This behavior is by design for security reasons.
In case the .DWT files need to be made available to users, you can consider setting up a virtual directory to .DWT files outside SPS.
So there you go: if you see any "Access Denied" errors in your logs, use the SQL query to find the cause and it might just be a DWT file.