It can really be a multitude of things, possibly even config related on your end.
You should rename any .htaccess files temporarily to see if something in them is causing it to preform in the behavior you've been witnessing. If it's not your .htaccess files (ie it still gives the issue) you could try disabling the ubb's spider friendly urls and see if that causes an issue.
The only other avenue I can suggest is to troll through your access logs looking for an error provided by mod_security (it should specify, at least by throwing a bizarre error code) and try to get some settings that'll work with your environment.
You can also try to circumvent mod_security in your web root, if your host allows it, by adding this bit of code:
<IfModule mod_security.c>
# Turn off mod_security filtering.
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
Please note that, by disabling mod_security (if allowed) your webhost won't reap any of the security benefits of the module (but I don't even use it on my server, so 'eh, your mileage may vary).