Thanks for this. I just had the same problem. Everything was fine on my site until my host moved me to Apache 2. Lots of stuff broke, and I am going through the pages fixing things one by one. While I am doing this, I am archiving my old code in a "admin only" forum in case I ever need it again later. I made one post with no problem. Then went to make another post a few minutes later and hit the 403 error. And my search brought me here. So I decided to look in the error logs, and found this:
[Fri Dec 02 01:03:09 2016] [error] [client xx.xx.xx.xx] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[[:space:]]*script
" at ARGS:message. [file "......./apache2/conf/httpd.sec.conf"] [line "134"] [hostname "www.zzzdomainzz.com
"] [uri "/forum/posting.php"] [unique_id "ERTSFDHS456ERFDGSDF"]
Adding the SecFilters didn't work for me. My host has compiled the module to forbid this. I had to contact them to fix it.