The security violation is that %3C and %3E are being used in the Referer string so you can just remove those and not have to comment out the entire security filter if you want to go that route.
this works fine
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%00) [NC,OR]