LiteSpeeds mod_security implementation is iffy at best (in my opinion - although they've done a better job at improving it). We personally put web applications that we don't trust / that are important behind Apache / mod_security to get the fullest effect. Far too many times we have seen wrong...