Linux upgrade stopped intranet from working "Forbidden You don't have permission to access"

<Directory ...>
   <RequireAny>
       Require all granted
  </Require>
</Directory>

Hi Jan, thanks for this. Is there a typo somewhere?
when I add this to the conf file and restart apache, it complains -
"Expected </RequireAny> but saw </Require>"

Yes, a typo.  A closing must always match the opening except with the "/".

So, to be clear, it should be -
<Directory ...>
   <RequireAny>
       Require all granted
  </RequireAny>
</Directory>

?
That still does not work, I'm afraid.

So it now looks like this -

<Directory ...>
   <RequireAll>
       Require all granted
  </RequireAll>
</Directory>

Still does not work, still getting error when trying to click links.

check /var/log/httpd/access* and error* logs.

are you running selinux?  
   # getenforce

if it comes back "1" then that's a yes.
   # ls -ldZ /var/www/html
   # ls -lZ /var/www/html

if you have modsecurity for apache also installed, that's another troubleshooting area to consider.

Why do you have access controls at all when default is to serve /index.html to the world?

Explain?

The could not access homepage is not backed by error log entry
There is no telling if document root went to better pasture or directory index or it is really about access list.

I am sorry,I do not understand.
This is a WordPress site, if that helps to explain location of pages better. It seems the upgrade had tied down permissions, however I can access wp-admin, link checker days pages do not exist, suggesting permissions stopping access to those pages. I have not checked the log, I can't now until I log back onto server. Any idea what I am looking for?

I do not see a 'httpd' folder in /var/log

Cos on debian it is /var/log/apache2

/var/log/apache2/error.log.1 appears to be the log file I was after and here is the error -

AH01630: client denied by server configuration:

I am therefore looking at this article at the moment -
http://stackoverflow.com/questions/18392741/apache2-ah01630-client-denied-by-server-configuration

You can replace FollowSymLinks with Alias, that is more secure and server side is less picky.

Still can't fix this so if either of you can help I'd appreciate it.  I believe the issue is down to my instance not being in the default folder, it is here -
 DocumentRoot "/sites/intranet/htdocs"

It looks that default apache conf has been hardened and you need to add premissions to <Directory /sites/intranet> too

Others already have read and execute to the entire folder structure (0755) - what specifically are you suggesting I do?

So far, I have the following -

<Directory ...>
      AllowOverride None
      Require all granted
</Directory>


<Directory /sites/intranet>
      AllowOverride None
      Require all granted
</Directory>

<Directory /sites/intranet/htdocs>
      AllowOverride None
      Require all granted
</Directory>

<Directory />
      Options FollowSymLinks
      AllowOverride None
      Require all granted
</Directory>

<Directory /usr/share>
      AllowOverride None
      Require all granted
</Directory>

<Directory /var/www/>
      Options Indexes FollowSymLinks
      AllowOverride None
      Require all granted
</Directory>

<Directory /srv/>
      Options Indexes FollowSymLinks
      AllowOverride None
      Require all granted
</Directory>

Do you have site editors that manipulate symlinks?
If you make symlinks you can make your apache more secure with alias per symlink.

Thanks for all your help on this, the situation became rather desperate and I managed to call in some internal expertise which I did not realise we had. The resolution is very important to archive because this did not exist anywhere else on support forums.