This message is generated by the Apache web server and is usually just informative, but can sometimes help to reveal if malicious persons are looking for vulnerabilities on your server that they can exploit.
This message is telling the server administrator that a client, for example a web browser, search engine spider or vulnerability scanning tool, has requested a resource that is not accessible to them.
Drupal makes use of .htaccess files in directories where content is not expected to e served directly and those .htaccess files contain instructions to block direct access to the resources stored in those directories and this will result in this error appearing in your error logs when a request is submitted for a resource in a directory that is protected in this way.