Those 2 security filters are problematic and have been replaced with these 2 new security filters in BPS .50.2. You can add them now if you want or just remove or comment out those 2 problematic security filters. Remove the IP blocking line of code you added since it will cause major problems.
RewriteCond %{THE_REQUEST} \?+(%20{1,}|[^\s])+HTTP+(:/|/) [NC,OR]
RewriteCond %{THE_REQUEST} \/+(\*|%2a)+(%20|\s){1,}+HTTP+(:/|/) [NC,OR]
These security filters above also had some issues and have been replaced by this security filter below.
The new security filter in .50.3 is:
RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\s+|%20+\s+|\s+%20+|\s+%20+\s+)HTTP(:/|/) [NC,OR]
The security filters have been changed one last time in BPS .50.4/BPS Pro 9.1 to:
RewriteCond %{THE_REQUEST} (\?|\*|%2a)+(%20+|\\s+|%20+\\s+|\\s+%20+|\\s+%20+\\s+)HTTP(:/|/) [NC,OR]