securing MDM web ports in 5.03

The way that Apache is handled in the latest Server, 5.0.3 (15S2257), seems to have changed. Previously, the server web root was listening directly on 80 and 443, and each app was running on a different port and accessed by way of reverse proxy. Now the server web root is a proxy as well. If you follow the advice I gave here, Apache will error because localhost is the only address binding to the web root now.

Mac Pro, OS X Yosemite (10.10.5)

Posted on Sep 18, 2015 8:39 AM


Sep 18, 2015 8:41 AM in response to Trinq

To address this, create a file that is read by the virtual hosts for ports 80 and 443. The Apache proxy config files are located at /Library/Server/Web/Config/Proxy/.

Looking at the apache_serviceproxy.conf file, it appears that you can create files in that directory and have them read in the virtual hosts as long as they are named "apache_serviceproxy_slash_default*.conf".


For securing MDM, I created "/Library/Server/Web/Config/Proxy/apache_serviceproxy_slash_default_mysec.conf" and populated it with the following:


# Sets security on the document root. It works on both 80 and 443.
<Location />
        <RequireAny>
                Require ip 10.10.10
                Require local
        </RequireAny>
</Location>

# Opens up the management API for Profile Manager to interact with devices
<Location /devicemanagement>
        Require all granted
</Location>


Afterward, I restarted all web services and it worked again.
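
The following is an added example, not part of the original post: a small Python probe that checks, from whichever host it is run on, that the two Location blocks above produce the intended pattern (403 on / for clients outside 10.10.10.x, and no 403 on /devicemanagement for anyone). The function names and the base URL you pass in are assumptions for illustration. It expects a denied request to return 403 and only requires that /devicemanagement is not 403, since the exact status Profile Manager returns to a non-device request is not stated in the thread.

```python
import sys
import urllib.error
import urllib.request

ROOT_PATH = "/"                 # both paths are taken from the config in the post
MDM_PATH = "/devicemanagement"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Report the first response instead of silently following a redirect.
    def redirect_request(self, *args, **kwargs):
        return None


def status_of(base_url, path, timeout=5):
    """Return the HTTP status for base_url + path, or None if unreachable."""
    # Empty ProxyHandler: connect directly so the server sees this host's address.
    opener = urllib.request.build_opener(_NoRedirect,
                                         urllib.request.ProxyHandler({}))
    try:
        with opener.open(base_url.rstrip("/") + path, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:   # 3xx/4xx/5xx still carry a status
        return err.code
    except (urllib.error.URLError, OSError):
        return None


def check_policy(base_url, trusted):
    """Return a list of problems; an empty list means the policy holds.

    trusted=True means this host is in 10.10.10.x or is the server itself.
    """
    root = status_of(base_url, ROOT_PATH)
    mdm = status_of(base_url, MDM_PATH)
    if root is None or mdm is None:
        return ["server unreachable: root=%s mdm=%s" % (root, mdm)]
    problems = []
    if trusted and root == 403:
        problems.append("trusted client is denied on /")
    if not trusted and root != 403:
        problems.append("untrusted client got %d on / (expected 403)" % root)
    if mdm == 403:
        problems.append("/devicemanagement is denied; devices cannot check in")
    return problems


if __name__ == "__main__":
    issues = check_policy(sys.argv[1], sys.argv[2] == "trusted")
    print("\n".join(issues) or "policy holds")
    sys.exit(1 if issues else 0)
```

Run it with the server's base URL and either `trusted` or `untrusted` as the second argument, once from inside 10.10.10.x and once from a host outside that range. An https URL whose certificate does not verify on the probing host is reported as unreachable.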
