Recently upgraded but came up against a few things regarding mod_security so see below if you get something similar.
tar xfvz subversion-1.7.9.tar.gz
./configure --with-apxs=/usr/local/apache/bin/apxs --with-apr=/usr/local/apache/bin/apr-1-config --with-apr-util=/home/cpeasyapache/src/httpd-2.2.24/srclib/apr-util --with-neon=/usr/local/neon/ --with-ssl
The Mod_Security quirk was down to the rules I had in a custom.conf for apache...
Now the code above is now disabled because it seems Mod_Security has included a subversion exception/rule as standard now but the code above caused me some problems because of two things:
# Our ACL (Access Control Policy)
# Try anonymous access first, then usernames if required.
AuthName "My Dev Repos"
# Blanket approach (disable if possible)
# SubVersion Rules to allow through
#SecRule REQUEST_METHOD "^(PROPFIND|PROPPATCH)$" allow "id:1234123456"
#SecRule REQUEST_METHOD "^(REPORT|OPTIONS)$" "id:1234123457,allow"
#SecRule REQUEST_METHOD "^(MKACTIVITY|CHECKOUT)$" "id:1234123458,allow"
#SecRule REQUEST_METHOD "^(PUT|DELETE|MERGE)$" "id:1234123459,allow"
#SecRule REQUEST_METHOD "^(MKCOL)$" allow "id:1234123460,allow"
1. Mod_security now requires a unique_id for each rule, which CPanel appears to have helpfully applied to each of my custom rules...
2. The syntax has changed from the pre Mod_Sec 2.7 type:
SecRule REQUEST_METHOD "^(PROPFIND|PROPPATCH)$" allow
As you can see in my example above I've disabled the workaround as it doesn't appear to be required anymore but it might catch you out if you've been getting errors like this:
SecRule REQUEST_METHOD "^(PROPFIND|PROPPATCH)$" "id:1234123456,allow"
SecRule takes two or three arguments, rule target, operator and optional action list