found this thread http://forums.hostgator.com/mod-securit ... 71394.html
"http:/" in form data ("Remote File Injection attempt in ARGS (MM)")
If you have a script that asks a user for a URL, and that user includes "http:/" somewhere in the form data, mod_security will kill that page as soon as the form is submitted. If you need to get a URL from your users, don't ask them for the full URL plus prefix; have them input "www.example.com" rather than "http://www.example.com", and add the schema prefix on the front programatically if you need it.
is it possible to fix the script ? or there is no other solution then disabling Mod_security