mod_security on Dreamhost (and possibly other hosting providers) ships with default rules that will intermittently bite Drupal users. Each of these rules is just a regex match on text in a node, or the URL being requested. The rule is triggered intermittently – a reload usually solves the problem (and fails to trigger the rule).

The “page” that is “not found” is not actually the page the user is looking for. It’s internal_error.html that is to be served when PHP dies prematurely, on account of being blocked by mod_security for this request. Creating the internal_error.html file in the Drupal root should fix that problem.

You can add the rules above to your .htaccess file for your site, if you don’t have root permissions on your server. Instead of using LocationMatch, which is not valid for .htaccess, use this instead:

SecRuleRemoveById 960010
SecRuleRemoveById 960015
SecRuleRemoveById 960032
SecRuleRemoveById 950107

Hope that helps. I have just made the change on my web server, and am waiting to see if any additional mod_security errors will be generated. (They look like “Premature end of script headers” in the httpd error.log)

It would be great if you can post on why these rules are required. They were quite helpful for me. I linked them from this post http://drupal.org/node/717738#comment-2622358 but not so sure how to explain them

Please explain me why? What are these rules watching and which function are they blocking?