Apologies on the delay and thanks for the responses.
Yep, the issue was that Moodle is triggering the default configuration of mod_evasive for Apache. mod_evasive is a DoS Protection module.
Relaxing the configuration slightly has stopped the 403's from occurring.
For those interested, the following is our configuration, inside /etc/apache2/mods-enabled/evasive.conf
Hope this helps?