If your host uses mod_security to block requests containing URLs (eg. hosts like HostGator, The Planet), you should contact your provider to whitelist your domain (or URL) and disable mod_security for your website.

Alternately, if your Piwik is hosted on the same domain as your website being tracked, you can edit your Piwik Javascript Tracking code to force data to be sent in POST, to avoid the mod_security check. Before the line

_paq.push(['trackPageView']);

you can add the following line

_paq.push(['setRequestMethod', 'POST']);