Here's an update. Rule "1234123429" is triggered by many cronjobs running on my servers:
[Rule: 'REQUEST_HEADERS:User-Agent' '!^apache.*perl'] [ID "1234123429"] [Msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [MatchedString "Wget/1.11.4 Red Hat modified"]
I've disabled it using ConfigServer ModSecurity Control. Not sure if this is a good idea or not.
From what I can gather, that rule shouldn't be triggered when running Apache, but is triggered when running Litespeed. Is this correct?