This is a known problem, which is lucky, because the error message is decidedly unhelpful.
The problem is that we have a parameter like ...&returnurl=http://your.domain/moodle/question/edit
... in the URL
. Apache has a security setting (that is off be default) to reject all requests of that form, because it is a theoreticl security risk (the worry is that someone might construct a malicious URL of the forum ...&returnurl=http://evil.hackers.site/rob/you
, and if Moodle's PHP code did something stupid, then it would be a security risk.
Please rest assured that what Moodle does here is secure.
If at all possible, you need to turn off that Apache configuration option.
I'm sure I looked at this before, and there was some reason why I could not just change the form of the URL to ...&returnurl=question/edit... and have Moodle fill in the http://your.domain/moodle
bit automatically. However, I cannot remember what that reason is now. Also, I am sure there is a tracker issue about this, but I cannot find it.