Some firewall products cause this kind of problem by watching for particular kinds of content in request strings; one product, for example, blocked all requests containing the words "DELETE" and "FROM" in that order in a misguided attempt to block SQL injection attacks. Of course, that content may well appear in a valid request, particularly as the request gets longer. I'd suggest that you try toying with your firewall, if you're able, to see if it's being accidentally triggered by the request.
Open Journal Systems Team
Don't miss the First International PKP Scholarly Publishing Conference
July 11 - 13, 2007, Vancouver, BC, Canada