ModSecurity is an Apache module that applies a set of rules to the activities of software run on Apache. It is used by some hosting environments to assure security, but some rules can interfere with the normal operation of Drupal. Because each ModSecurity administrator can write their own rules it is impossible to be certain that Drupal does not get caught up in these rules.
It is possible for Drupal to get caught correctly. Before implementing the solutions below to turn off part or all of ModSecurity, be sure that Drupal is being caught improperly. Be certain that the activity being stopped is not due to some malicious or potentially dangerous activity and that the security of your site will not be compromised.
It is possible, given the right permission or cooperation from your hosting company, to either turn off specific rules for your site or turn ModSecurity off entirely for your VirtualHost.
Reporting Bad Rules to ModSecurity
Sometimes, ModSecurity rules that catch Drupal doing valid things are simply unneeded or over-reaching. You can help ModSecurity consider stronger and more precise rules that will benefit the whole ModSecurity community by submitting them as bugs upstream and encouraging them to fix the rules. In the mean time, you'll probably want to turn the rule off as described below.