Litespeed / Blocked and not Denied

Installed CWAF on cPanel. Installation went smoothly, however I’m seeing most rules being logged in modsec_audit.log but the requests are not being denied. For example. when I perform a test on the rule:

[client xxxxxxxxxx] mod_security: Blocked , [Rule: 'ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:desc|!ARGS:/description/|!ARGS:/message/|!ARGS:Post|!ARGS:text|!ARGS:/description/|!ARGS:/message/|!ARGS:Post|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|!ARGS:text_message' '(?i)\b(?i:and)\b\s+(\d{1,10}|'[^=]{1,10}')\s*?[=]|\b(?i:and)\b\s+(\d{1,10}|'[^=]{1,10}')\s*?[<>]|\band\b ?(?:\d{1,10}|[\'\"][^=]{1,10}[\'\"]) ?[=<>]+|\b(?i:and)\b\s+(\d{1,10}|'[^=]{1,10}')'] [ID "211580"] [Msg "COMODO WAF: SQL Injection Attack"] [severity "CRITICAL"] [MatchedString "b AND 1=1"]

Note how it says “Blocked” here. I didn’t receive a 403 error but it seems the request went through just fine.

On the other hand, certain rules are triggering ‘Deny’ rules and a 403 error, such as:

[client] mod_security: Access denied with code 403, [Rule: 'Request_URI' '(media|post|post_new)\.php'] [ID "220830"] [Msg "COMODO WAF: Blocking XSS attack"] [severity "WARNING"] [MatchedString "/wp-comments-post.php"]

Why are some working and others not? Is there a problem with the default action and Litespeed?

For rule 211580 (cwaf_02.conf) default action is “block”, for rule 220830 (cwaf_05.conf) is “deny”. As I checked for Apache both rules deny requests.
Please, try to change in rule 211580 (cwaf_02.conf) “block” for “deny”. However, it seems rule works fine and request doesn’t go through.