Came across a weird problem this week with Concrete5 where depending on the content entered into a block, the form submission may work or it may return a 404 error. The problem was traced to using specific combinations of words close together in your block content, such as “select from” would always cause it to break. This is obviously some sort of SQL injection attack filtering, but finding the problem was pretty tough. In the end, we found it to be the mod_security module of apache as the culprit. You can disable the module, add a white list to allow content going to index.php of Concrete5 sites, or just live with it and change your block content.