That is a very common ModSecurity problem. The ModSecurity OWASP CRS Ruleset breaks the BPS Custom Code Forms and many other Forms in BPS. We are currently redesigning BPS to be “ModSecurity Proof”. We will be releasing a new BPS and BPS Pro version in 5-10 days. For now you will need to manually edit your Root htaccess file via your web host control panel file manager or FTP. Note: For the last year we have been advising folks to contact their web host support folks to create ModSecurity whitelist rules. That has been a complete failure and waste of time since 90% of the time web host support techs think they have fixed the ModSecurity problem, but it is not fixed or they do not have any idea how to fix the ModSecurity problems. So don’t even bother contacting your web host support folks.
Ongoing ModSecurity Problems Related Topics:
https://forum.ait-pro.com/forums/topic/mod-security-common-known-problems/
https://forum.ait-pro.com/forums/topic/xampp-mod-security-setup-owasp-modsecurity-core-rule-set-setup/
https://wordpress.org/support/topic/custom-code-security-logging-setup-wizard-htaccess-file-editor-not-working/