That’s likely the cause, but to know for sure you’ll need to see the logs. That’s why we ask if one is using mod_security in the support template. 
It’s noted to create problems.
Even if it’s still not mod_security, the Apache error log is what you need to figure out what’s going on. Something somewhere in the end-to-end path there is blocking PROPFIND HTTP methods, and you’ve eliminated CF.