When LiteSpeed Web Server reads Apache configurations without a control panel, you enable mod_security rules in the same way as you would on Apache. Do not try to enable WAF with the LSWS WAF configuration since it is for LSWS native virtual hosts only, not for Apache virtual hosts.
This article will not cover how to enable mod_security on Apache configurations. Because it is a general topic you can refer to many online tutorials. You can also refer to the control panel mod_security enabling method.