Re: 403 errors
Since the rule itself has the annotation
[msg "Hsphere Rules 1: experimental rule for most php application attacks. Report false positives"]
…I’d contact Hsphere and report it as a false positive.
Though as a security precaution, this should be changed within BP, too.