The issue lay in ModSecurity. It was set to "Detection only" with the default OWASP ruleset, but even so, it appeared to throw some kind of error. I have been able to resolve it by setting ModSecurity to Off, or to a different ruleset like Atomic Standard (and then it can be fully on, yielding no problems).