Thats output from the dread and duly awful TMG (Microsoft Threat Management Gateway). Someone running the gateway needs to check its logs - it is possible to analyse (live) traffic from your browser - internally to the company - and determine which rules in TMG are activated causing the denial. I've seen this sort of thing where TMG is 'filtering' the URL; we have this sort of thing internally where I work now and its often used to expand an URL to an IIS server, why - I dont know, but in our case it took an Domain name blah.com and redirected it on the fly to blah.com/moodle.
I setup an Apache replacement where Apache itself had a document root of /var/www/moodle. They left the rule in - and if you put blah.com in your browser - the TMG got in the way and rewrote the request to the Apache server as blah.com/moodle - Apache sees this as /var/www/moodle/moodle - which of course doesn't exist - and I get a 403 error. Took me two days of messing about before someone thought to check TMG out.
So - best advice - get the guys runningf the TMG server to check the logs on their end - might give some more information to get an angle on how to sort this.
Best wishes